Bug 213384: shutdownhtml login bypass via editparams.cgi is broken under suexec. r=kiko, a=justdave

author: jocuri%softhome.net <> 2003-10-08 04:15:35 +0200
committer: jocuri%softhome.net <> 2003-10-08 04:15:35 +0200
commit: 6df993a22dd55cb29aad9b0c173b5dd0f54e42c7 (patch)
tree: 8c800091c5828cb121788467a601acda4d15d5b2 /CGI.pl
parent: 7976d7b56f91bd291bbc086b9bc48cd593592040 (diff)
download: bugzilla-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar.gz
bugzilla-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/CGI.pl b/CGI.pl
index 75174dcba..bcd9a7f90 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -55,7 +55,7 @@ use vars qw($template $vars);
 # to the user about the downtime.  (do)editparams.cgi is exempted from
 # this message, of course, since it needs to be available in order for
 # the administrator to open Bugzilla back up.
-if (Param("shutdownhtml") && $0 !~ m:[\\/](do)?editparams.cgi$:) {
+if (Param("shutdownhtml") && $0 !~ m:(^|[\\/])(do)?editparams\.cgi$:) {
     $::vars->{'message'} = "shutdown";
     
     # Return the appropriate HTTP response headers.
author	jocuri%softhome.net <>	2003-10-08 04:15:35 +0200
committer	jocuri%softhome.net <>	2003-10-08 04:15:35 +0200
commit	6df993a22dd55cb29aad9b0c173b5dd0f54e42c7 (patch)
tree	8c800091c5828cb121788467a601acda4d15d5b2 /CGI.pl
parent	7976d7b56f91bd291bbc086b9bc48cd593592040 (diff)
download	bugzilla-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar.gz bugzilla-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar.xz