From 2eaa1ccd24f2c8050eec838454eb1dbef9f344b8 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 27 Feb 2018 22:00:58 -0500
Subject: Bug 1437646 - Add confdir to bz_locations

---
 Bugzilla/Constants.pm          | 6 +++++-
 Bugzilla/Install/Filesystem.pm | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 695f2fede..00f0f8104 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -659,18 +659,21 @@ sub _bz_locations {
     $libpath =~ /(.*)/;
     $libpath = $1;
 
-    my ($localconfig, $datadir);
+    my ($localconfig, $datadir, $confdir);
     if ($project && $project =~ /^(\w+)$/) {
         $project = $1;
         $localconfig = "localconfig.$project";
         $datadir = "data/$project";
+        $confdir = "conf/$project";
     } else {
         $project = undef;
         $localconfig = "localconfig";
         $datadir = "data";
+        $confdir = "conf";
     }
 
     $datadir = "$libpath/$datadir";
+    $confdir = "$libpath/$confdir";
     # We have to return absolute paths for mod_perl.
     # That means that if you modify these paths, they must be absolute paths.
     return {
@@ -698,6 +701,7 @@ sub _bz_locations {
         'assetsdir'      => "$datadir/assets",
         # error_reports store error/warnings destined for sentry
         'error_reports'  => "$libpath/error_reports",
+        'confdir'        => $confdir,
     };
 }
 
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index e1e9a47d7..cbec34bdc 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -173,6 +173,7 @@ sub DIR_ALSO_WS_SERVE { _suexec() ? 0001 : 0 };
 # when exploiting some security flaw somewhere (not necessarily in Bugzilla!)
 sub FILESYSTEM {
     my $datadir        = bz_locations()->{'datadir'};
+    my $confdir        = bz_locations()->{'confdir'};
     my $attachdir      = bz_locations()->{'attachdir'};
     my $extensionsdir  = bz_locations()->{'extensionsdir'};
     my $webdotdir      = bz_locations()->{'webdotdir'};
@@ -320,6 +321,8 @@ sub FILESYSTEM {
                                      dirs => DIR_WS_SERVE },
          "$extensionsdir/*/web" => { files => WS_SERVE,
                                      dirs => DIR_WS_SERVE },
+         $confdir               => { files => WS_SERVE,
+                                     dirs => DIR_WS_SERVE, },
 
          # Purpose: allow webserver to read .bzr so we execute bzr commands
          # in backticks and look at the result over the web. Used to show
@@ -364,6 +367,7 @@ sub FILESYSTEM {
         # Directories that contain content served directly by the web server.
         "$skinsdir/custom"      => DIR_WS_SERVE,
         "$skinsdir/contrib"     => DIR_WS_SERVE,
+        $confdir                => DIR_CGI_READ,
     );
 
     my $yui_all_css = sub {
@@ -458,6 +462,8 @@ sub FILESYSTEM {
                                           contents => HT_DEFAULT_DENY },
         'httpd/.htaccess'            => { perms    => WS_SERVE,
                                           contents => HT_DEFAULT_DENY },
+        "$confdir/.htaccess"         => { perms    => WS_SERVE,
+                                          contents => HT_DEFAULT_DENY },
         "$datadir/.htaccess"         => { perms    => WS_SERVE,
                                           contents => HT_DEFAULT_DENY },
         "$error_reports/.htaccess"   => { perms    => WS_SERVE,
-- 
cgit v1.2.3-24-g4f1b