From b4c02643fcf1586496bafcdda50e8219dc3fa0df Mon Sep 17 00:00:00 2001
From: "bbaetz%student.usyd.edu.au" <>
Date: Tue, 4 Jun 2002 12:47:27 +0000
Subject: Bug 143574 - taint errors with alternate formats. Also make data/template writable for non webservergroup users. r=myk, justdave
---
 checksetup.pl | 6 +++++-
 globals.pl | 10 +++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/checksetup.pl b/checksetup.pl
index 4b6a23f27..0f9e2328f 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -841,6 +841,8 @@ END
 if (-e 'data/template') {
 unless (-d 'data/template' && -e 'data/template/.lastRebuild' &&
 (stat('data/template/.lastRebuild'))[9] >= $lastTemplateParamChange) {
+ print "Removing existing compiled templates ...\n";
+
 # If File::Path::rmtree reported errors, then I'd use that
 use File::Find;
 sub remove {
@@ -904,6 +906,8 @@ END
 }
 {
+ print "Precompiling templates ...\n";
+
 use File::Find;
 use Cwd;
@@ -1089,7 +1093,7 @@ if ($my_webservergroup) {
 my $gid = (split " ", $()[0];
 fixPerms('.htaccess', $<, $gid, 022); # glob('*') doesn't catch dotfiles
 fixPerms('data/.htaccess', $<, $gid, 022);
- fixPerms('data/template', $<, $gid, 022, 1);
+ fixPerms('data/template', $<, $gid, 000, 1); # webserver will write to these
 fixPerms('data/webdot/.htaccess', $<, $gid, 022);
 fixPerms('data/params', $<, $gid, 011);
 fixPerms('*', $<, $gid, 022);
diff --git a/globals.pl b/globals.pl
index 637955bd6..99af6ffa4 100644
--- a/globals.pl
+++ b/globals.pl
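Review bot: The new `fixPerms('data/template', $<, $gid, 000, 1)` line in checksetup.pl deserves a stronger comment than `# webserver will write to these`. If the fourth argument is a umask, as the neighbouring 022 and 011 values suggest, 000 leaves the compiled-template tree writable by every local account, and those files are presumably loaded and run by the web server. I would spell that out at the call, for example `# SECURITY: mask 000 = world-writable; compiled templates are executed, so set a webservergroup on any shared host`, and consider having checksetup print the same warning when this branch runs. The enclosing block starts and ends outside the hunk, so which branch of the `$my_webservergroup` test this line sits in is not visible here.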
@@ -1680,7 +1680,15 @@ sub GetOutputFormats {
 # Loop over each file in the sub-directory looking for format files
 # (files whose name looks like SCRIPT-FORMAT.EXT.tmpl).
 foreach my $file (@files) {
- if ($file =~ /^\Q$script\E-(.+)\.(.+)\.(tmpl)$/) {
+ if ($file =~ /^\Q$script\E-(.+)\.(.+)\.tmpl$/) {
+ # This must be a valid file
+ # If an attacker could add a previously unused format
+ # type to trick us into running it, then they could just
+ # change an existing one...
+ # (This implies that running without a webservergroup is
+ # insecure, but that is the case anyway)
+ trick_taint($file);
+
 $formats->{$1} = {
 'template' => $file ,
 'extension' => $2 ,
--
cgit v1.2.3-24-g4f1b
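Review bot: `trick_taint($file)` presumably clears the taint flag on a name whose only check is `(.+)\.(.+)`, which accepts any characters, and the `$` anchor also admits a trailing newline. The added comment's argument holds only while nobody but the administrator can create files in the template directory, so a tighter match costs little: `if ($file =~ /^\Q$script\E-([\w-]+)\.(\w+)\.tmpl\z/) {`, assuming format and extension names are meant to be simple tokens. `$1` and `$2` are also read after the `trick_taint()` call; copying them into lexicals first, `my ($format, $ext) = ($1, $2);`, would stop that from relying on how the helper is written. The `foreach` loop and `GetOutputFormats` continue outside the hunk.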