summaryrefslogtreecommitdiffstats
path: root/page.cgi
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2010-07-08 23:51:28 +0200
committerReed Loden <reed@reedloden.com>2010-07-08 23:51:28 +0200
commit124c46d598baca86873cf6cccab7ec64b5a599d5 (patch)
treefd13b920fdf750a0504772becf9f854af822b6be /page.cgi
parent383374778c025aebb1aaff1658b4024f0d0a58f7 (diff)
downloadbugzilla-124c46d598baca86873cf6cccab7ec64b5a599d5.tar.gz
bugzilla-124c46d598baca86873cf6cccab7ec64b5a599d5.tar.xz
Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don't permit '..' at all.
[r=mkanat a=mkanat]
Diffstat (limited to 'page.cgi')
-rwxr-xr-xpage.cgi10
1 files changed, 7 insertions, 3 deletions
diff --git a/page.cgi b/page.cgi
index 5464789e7..a6a198d8b 100755
--- a/page.cgi
+++ b/page.cgi
@@ -66,9 +66,13 @@ my $template = Bugzilla->template;
my $id = $cgi->param('id');
if ($id) {
- # Split into name and ctype, but be careful not to allow directory
- # traversal.
- $id =~ /^([\w\-\/]+)\.(\w+)$/;
+ # Be careful not to allow directory traversal.
+ if ($id =~ /\.\./) {
+ # two dots in a row is bad
+ ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
+ }
+ # Split into name and ctype.
+ $id =~ /^([\w\-\/\.]+)\.(\w+)$/;
if (!$2) {
# if this regexp fails to match completely, something bad came in
ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });