authorjustdave%syndicomm.com <>2002-02-13 10:35:28 +0100
committerjustdave%syndicomm.com <>2002-02-13 10:35:28 +0100
commit5938698d13c326114857aaebb34a0f7081e1d486 (patch)
treef98ca6e5273b71b5a3e2acace301db1ef932810a
parent5a55ccb3848d0386c7a04256991af89970137d03 (diff)
downloadbugzilla-5938698d13c326114857aaebb34a0f7081e1d486.tar.gz
bugzilla-5938698d13c326114857aaebb34a0f7081e1d486.tar.xz
Fix for bug 99024: checksetup was not giving proper permissions to the contents of the template directory. This patch also
adds an .htaccess file that blocks access to the template folder by the web server. Patch by Dave Miller <justdave@syndicomm.com> r= zach x 2
-rwxr-xr-xchecksetup.pl72
1 files changed, 50 insertions, 22 deletions
diff --git a/checksetup.pl b/checksetup.pl
index 59f9859c5..05dcc8607 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -627,6 +627,17 @@ END
close HTACCESS;
chmod $fileperm, "data/.htaccess";
}
+ if (!-e "template/.htaccess") {
+ print "Creating template/.htaccess...\n";
+ open HTACCESS, ">template/.htaccess";
+ print HTACCESS <<'END';
+# nothing in this directory is retrievable unless overriden by an .htaccess
+# in a subdirectory
+deny from all
+END
+ close HTACCESS;
+ chmod $fileperm, "template/.htaccess";
+ }
if (!-e "data/webdot/.htaccess") {
if (!-d "data/webdot") {
mkdir "data/webdot", $dirperm;
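Review bot: The added `open HTACCESS, ">template/.htaccess";` is not checked, so if the file cannot be created the script still prints "Creating template/.htaccess..." and carries on, leaving the template directory retrievable through the web server with no warning. Suggest `open HTACCESS, ">template/.htaccess" or die "Couldn't create template/.htaccess: $!";`. The `deny from all` rule also only takes effect where the server honours .htaccess overrides (Apache `AllowOverride Limit` or broader), which is worth stating in the installation notes. The enclosing block starts and ends outside this hunk.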
@@ -751,22 +762,36 @@ sub isExecutableFile {
# fix file (or files - wildcards ok) permissions
sub fixPerms {
- my $file;
- my @files = glob($_[0]);
- my $exeperm = 0777 & ~ $_[1];
- my $normperm = 0666 & ~ $_[1];
- foreach $file (@files) {
- # do not change permissions on directories here
- if (!(-d $file)) {
- # check if the file is executable.
- if (isExecutableFile($file)) {
- #printf ("Changing $file to %o",$exeperm);
- chmod $exeperm, $file;
- } else {
- #print ("Changing $file to %o", $normperm);
- chmod $normperm, $file;
+ my ($file_pattern, $owner, $group, $umask, $do_dirs) = @_;
+ my @files = glob($file_pattern);
+ my $execperm = 0777 & ~ $umask;
+ my $normperm = 0666 & ~ $umask;
+ foreach my $file (@files) {
+ next if (!-e $file);
+ # do not change permissions on directories here unless $do_dirs is set
+ if (!(-d $file)) {
+ chown $owner, $group, $file;
+ # check if the file is executable.
+ if (isExecutableFile($file)) {
+ #printf ("Changing $file to %o\n", $execperm);
+ chmod $execperm, $file;
+ } else {
+ #printf ("Changing $file to %o\n", $normperm);
+ chmod $normperm, $file;
+ }
+ }
+ elsif ($do_dirs) {
+ chown $owner, $group, $file;
+ if ($file =~ /CVS$/) {
+ chmod 0700, $file;
+ }
+ else {
+ #printf ("Changing $file to %o\n", $execperm);
+ chmod $execperm, $file;
+ fixPerms("$file/.htaccess", $owner, $group, $umask, $do_dirs);
+ fixPerms("$file/*", $owner, $group, $umask, $do_dirs); # do the contents of the directory
+ }
}
- }
}
}
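Review bot: The new directory branch recurses through `fixPerms("$file/*", ...)` without testing for symbolic links, and `-d`, `chown` and `chmod` all follow links, so a link under template/ that points elsewhere would have its target's ownership and mode rewritten; this matters most if checksetup is run with elevated privileges (not visible here). Suggest skipping links at the top of the loop: `next if (-l $file || !-e $file);`. Separately, `/CVS$/` matches any directory whose name merely ends in "CVS"; `m{(^|/)CVS$}` restricts the 0700 case to directories actually named CVS. The return values of `chown` and `chmod` are ignored throughout, so a failed permission fix goes unreported.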
@@ -790,11 +815,11 @@ EOF
# chown needs to be called with a valid uid, not 0. $< returns the
# caller's uid. Maybe there should be a $bugzillauid, and call with that
# userid.
- chown $<, $webservergid, glob('*');
- if (-e ".htaccess") { chown $<, $webservergid, ".htaccess" } # glob('*') doesn't catch dotfiles
- if (-e "data/.htaccess") { chown $<, $webservergid, "data/.htaccess" }
- if (-e "data/webdot/.htaccess") { chown $<, $webservergid, "data/webdot/.htaccess" }
- fixPerms('*',027);
+ fixPerms('.htaccess', $<, $webservergid, 027); # glob('*') doesn't catch dotfiles
+ fixPerms('data/.htaccess', $<, $webservergid, 027);
+ fixPerms('data/webdot/.htaccess', $<, $webservergid, 027);
+ fixPerms('*', $<, $webservergid, 027);
+ fixPerms('template', $<, $webservergid, 027, 1);
chmod 0644, 'globals.pl';
chmod 0644, 'RelationSet.pm';
chmod 0771, 'data';
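Review bot: Replacing `chown $<, $webservergid, glob('*');` with `fixPerms('*', $<, $webservergid, 027);` drops the ownership change for top-level directories, because fixPerms only touches directories when `$do_dirs` is set and here that is passed only for `template`. Unless directories such as `data` are chowned elsewhere (not visible in this hunk), the `chmod 0771, 'data'` below relies on a group ownership this code no longer establishes. Keeping `chown $<, $webservergid, glob('*');` ahead of the fixPerms calls would preserve the previous behaviour; the same applies to the removed `chown $<, $gid, glob('*');` in the following hunk (`@@ -802,8 +827,11 @@`).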
@@ -802,8 +827,11 @@ EOF
} else {
# get current gid from $( list
my $gid = (split " ", $()[0];
- chown $<, $gid, glob('*');
- fixPerms('*',022);
+ fixPerms('.htaccess', $<, $gid, 022); # glob('*') doesn't catch dotfiles
+ fixPerms('data/.htaccess', $<, $gid, 022);
+ fixPerms('data/webdot/.htaccess', $<, $gid, 022);
+ fixPerms('*', $<, $gid, 022);
+ fixPerms('template', $<, $gid, 022, 1);
chmod 01777, 'data', 'graphs';
}