authorbbaetz%student.usyd.edu.au <>2002-07-10 08:40:31 +0200
committerbbaetz%student.usyd.edu.au <>2002-07-10 08:40:31 +0200
commit2a609ad58ffde7e3b03b3fb576c0012e99beba55 (patch)
tree04949298dda64b7a61cca580dabb469693fda3f8
parent75082eeb8e619fdd839593f1e74053ccd7d58137 (diff)
bug 155861 - showdependancygraph.cgi fails taint check with local dot
installation r=gerv, myk
-rwxr-xr-xchecksetup.pl26
-rwxr-xr-xshowdependencygraph.cgi11
2 files changed, 25 insertions, 12 deletions
diff --git a/checksetup.pl b/checksetup.pl
index 94172150d..4682359bf 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -640,8 +640,8 @@ $::ENV{'PATH'} = $origPath;
unless (-d 'data') {
print "Creating data directory ...\n";
# permissions for non-webservergroup are fixed later on
- mkdir 'data', 0770;
- mkdir 'data/mimedump-tmp', 01777;
+ mkdir 'data', 0770;
+ mkdir 'data/mimedump-tmp', 01777;
open FILE, '>>data/comments'; close FILE;
open FILE, '>>data/nomail'; close FILE;
open FILE, '>>data/mail'; close FILE;
@@ -726,7 +726,16 @@ unless (-d 'graphs') {
close(IN);
close(OUT);
- }
+ }
+}
+
+unless (-d 'data/mining') {
+ mkdir 'data/mining', 0700;
+}
+
+unless (-d 'data/webdot') {
+ # perms/ownership are fixed up later
+ mkdir 'data/webdot', 0700;
}
if ($my_create_htaccess) {
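Review bot: Both new `mkdir` calls discard their return value, so a failed creation of `data/mining` or `data/webdot` goes unnoticed. The later `open HTACCESS, ">data/webdot/.htaccess"` is also unchecked, so in that case the access restrictions would silently never be written. Suggest `mkdir('data/webdot', 0700) or die "Can't create data/webdot: $!";` and the same form for `data/mining`. The surrounding script continues outside this hunk.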
@@ -771,10 +780,6 @@ END
chmod $fileperm, "template/.htaccess";
}
if (!-e "data/webdot/.htaccess") {
- if (!-d "data/webdot") {
- mkdir "data/webdot", $dirperm;
- chmod $dirperm, "data/webdot"; # the perms on mkdir don't seem to apply for some reason...
- }
print "Creating data/webdot/.htaccess...\n";
open HTACCESS, ">data/webdot/.htaccess";
print HTACCESS <<'END';
@@ -1073,7 +1078,10 @@ if ($my_webservergroup) {
# userid.
fixPerms('.htaccess', $<, $webservergid, 027); # glob('*') doesn't catch dotfiles
fixPerms('data/.htaccess', $<, $webservergid, 027);
+ fixPerms('data/duplicates', $<, $webservergid, 027, 1);
+ fixPerms('data/mining', $<, $webservergid, 027, 1);
fixPerms('data/template', $<, $webservergid, 007, 1); # webserver will write to these
+ fixPerms('data/webdot', $<, $webservergid, 007, 1);
fixPerms('data/webdot/.htaccess', $<, $webservergid, 027);
fixPerms('data/params', $<, $webservergid, 017);
fixPerms('*', $<, $webservergid, 027);
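Review bot: The new `fixPerms('data/webdot', $<, $webservergid, 007, 1)` line appears to make the directory writable by the webserver group, judging by the `# webserver will write to these` comment on the `data/template` line with the same mask. If so, the tighter 027 mask on `data/webdot/.htaccess` protects the file's contents but not the file itself, since write access to the parent directory allows it to be unlinked or replaced. It is worth a comment on the new line saying so, e.g. `# webserver writes .dot/.png/.map here; .htaccess in this dir is only as safe as the dir`. Where the deployment allows it, generated files could go in a subdirectory separate from the access-control file.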
@@ -1093,7 +1101,11 @@ if ($my_webservergroup) {
my $gid = (split " ", $()[0];
fixPerms('.htaccess', $<, $gid, 022); # glob('*') doesn't catch dotfiles
fixPerms('data/.htaccess', $<, $gid, 022);
+ fixPerms('data/duplicates', $<, $gid, 022, 1);
+ fixPerms('data/mining', $<, $gid, 022, 1);
fixPerms('data/template', $<, $gid, 000, 1); # webserver will write to these
+ fixPerms('data/webdot', $<, $gid, 000, 1);
+ chmod 01777, 'data/webdot';
fixPerms('data/webdot/.htaccess', $<, $gid, 022);
fixPerms('data/params', $<, $gid, 011);
fixPerms('*', $<, $gid, 022);
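Review bot: `chmod 01777, 'data/webdot';` leaves the directory world-writable on installs without a webserver group, while showdependencygraph.cgi (second file in this commit) writes to the predictable name `data/webdot/$$.dot`. The sticky bit stops other local users removing the CGI's files, but it does not stop that name already existing, or being a symlink, when the CGI opens it. The open itself is not shown in this diff; it should create the file exclusively and fail if it exists, e.g. `sysopen` with `O_CREAT|O_EXCL` or File::Temp. The `chmod` result is also ignored; `chmod(01777, 'data/webdot') or warn "chmod data/webdot: $!";` would surface a failure.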
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index cf2122540..2a5d20f6c 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -75,8 +75,6 @@ if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) {
exit;
}
-mkdir("data/webdot", 0777);
-
my $filename = "data/webdot/$$.dot";
my $urlbase = Param('urlbase');
@@ -189,10 +187,13 @@ if ($webdotbase =~ /^https?:/) {
# Cleanup any old .dot files created from previous runs.
my $since = time() - 24 * 60 * 60;
-foreach my $f (glob("data/webdot/*.dot
- data/webdot/*.png
- data/webdot/*.map"))
+# Can't use glob, since even calling that fails taint checks for perl < 5.6
+opendir(DIR, "data/webdot/");
+my @files = grep { /\.dot$|\.png$|\.map$/ && -f "data/webdot/$_" } readdir(DIR);
+closedir DIR;
+foreach my $f (@files)
{
+ $f = "data/webdot/$f";
# Here we are deleting all old files. All entries are from the
# data/webdot/ directory. Since we're deleting the file (not following
# symlinks), this can't escape to delete anything it shouldn't
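Review bot: `opendir(DIR, "data/webdot/")` is unchecked, so if the directory cannot be opened `readdir` yields nothing and stale files accumulate silently; `opendir(DIR, "data/webdot/") or die "Can't open data/webdot: $!";` would surface that. The filter's `$` anchors also accept a name ending in a newline; `/\.(?:dot|png|map)\z/` is stricter, which matters if `$f` is untainted later in the loop. Note that `-f` follows symlinks, so a symlink to a regular file passes the filter, and the comment's claim only holds if the loop does nothing with the entry beyond `unlink`. The loop body continues outside this hunk.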