summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Install
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2010-02-01 22:27:08 +0100
committerMax Kanat-Alexander <mkanat@bugzilla.org>2010-02-01 22:27:08 +0100
commit9a80c1fffa48ef6d9301ba64a9bd02b4d5448dc2 (patch)
tree17ce8bffc3fe6534ba4a38aa4c186ff0349f7dc5 /Bugzilla/Install
parent532196b8689286cf4e65b58c98afa95ca910d7ac (diff)
downloadbugzilla-9a80c1fffa48ef6d9301ba64a9bd02b4d5448dc2.tar.gz
bugzilla-9a80c1fffa48ef6d9301ba64a9bd02b4d5448dc2.tar.xz
Bug 434801: [SECURITY] .htaccess doesn't prevent reading old-params.txt from the web
Patch by Reed Loden <reed@reedloden.com> r=mkanat a=LpSolit
Diffstat (limited to 'Bugzilla/Install')
-rw-r--r--Bugzilla/Install/Filesystem.pm7
1 files changed, 7 insertions, 0 deletions
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 99f71d989..44c34718e 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -139,6 +139,7 @@ sub FILESYSTEM {
'docs/*/README.docs' => { perms => $owner_readable },
"$datadir/bugzilla-update.xml" => { perms => $ws_writeable },
"$datadir/params" => { perms => $ws_writeable },
+ "$datadir/old-params.txt" => { perms => $owner_readable },
"$extensionsdir/create.pl" => { perms => $owner_executable },
);
@@ -369,6 +370,12 @@ sub update_filesystem {
_rename_file($testfile, "$testfile.old");
}
+ # If old-params.txt exists in the root directory, move it to datadir.
+ my $oldparamsfile = "old_params.txt";
+ if (-e $oldparamsfile) {
+ _rename_file($oldparamsfile, "$datadir/$oldparamsfile");
+ }
+
_create_files(%files);
if ($params->{index_html}) {
_create_files(%{$fs->{index_html}});