diff options
author | Reed Loden <reed@reedloden.com> | 2010-07-08 23:51:28 +0200 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2010-07-08 23:51:28 +0200 |
commit | 124c46d598baca86873cf6cccab7ec64b5a599d5 (patch) | |
tree | fd13b920fdf750a0504772becf9f854af822b6be | |
parent | 383374778c025aebb1aaff1658b4024f0d0a58f7 (diff) | |
download | bugzilla-124c46d598baca86873cf6cccab7ec64b5a599d5.tar.gz bugzilla-124c46d598baca86873cf6cccab7ec64b5a599d5.tar.xz |
Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don't permit '..' at all.
[r=mkanat a=mkanat]
-rwxr-xr-x | page.cgi | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -66,9 +66,13 @@ my $template = Bugzilla->template; my $id = $cgi->param('id'); if ($id) { - # Split into name and ctype, but be careful not to allow directory - # traversal. - $id =~ /^([\w\-\/]+)\.(\w+)$/; + # Be careful not to allow directory traversal. + if ($id =~ /\.\./) { + # two dots in a row is bad + ThrowCodeError("bad_page_cgi_id", { "page_id" => $id }); + } + # Split into name and ctype. + $id =~ /^([\w\-\/\.]+)\.(\w+)$/; if (!$2) { # if this regexp fails to match completely, something bad came in ThrowCodeError("bad_page_cgi_id", { "page_id" => $id }); |