authorMax Kanat-Alexander <mkanat@bugzilla.org>2010-02-09 00:50:56 +0100
committerMax Kanat-Alexander <mkanat@bugzilla.org>2010-02-09 00:50:56 +0100
commit300f1db2e55f177623db677db270946256e128d8 (patch)
tree0bd4b01a3652665a06cf71792dd79806de0d821a /page.cgi
parent55179a93a14e5002e8f862bc6b2c594f625e1565 (diff)
Bug 544990: Allow directory names in page.cgi ids
r=LpSolit, a=mkanat
Diffstat (limited to 'page.cgi')
-rwxr-xr-xpage.cgi6
1 files changed, 3 insertions, 3 deletions
diff --git a/page.cgi b/page.cgi
index cd6cb611e..9326229a5 100755
--- a/page.cgi
+++ b/page.cgi
@@ -66,9 +66,9 @@ my $template = Bugzilla->template;
my $id = $cgi->param('id');
if ($id) {
- # Remove all dodgy chars, and split into name and ctype.
- $id =~ s/[^\w\-\.]//g;
- $id =~ /(.*)\.(.*)/;
+ # Split into name and ctype, but be careful not to allow directory
+ # traversal.
+ $id =~ /^([\w\-\/]+)\.(\w+)$/;
if (!$2) {
# if this regexp fails to match completely, something bad came in
ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });