From 9a80c1fffa48ef6d9301ba64a9bd02b4d5448dc2 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Mon, 1 Feb 2010 13:27:08 -0800
Subject: Bug 434801: [SECURITY] .htaccess doesn't prevent reading
 old-params.txt from the web Patch by Reed Loden <reed@reedloden.com> r=mkanat
 a=LpSolit

---
 Bugzilla/Install/Filesystem.pm | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'Bugzilla/Install/Filesystem.pm')

diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 99f71d989..44c34718e 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -139,6 +139,7 @@ sub FILESYSTEM {
         'docs/*/README.docs'   => { perms => $owner_readable },
         "$datadir/bugzilla-update.xml" => { perms => $ws_writeable },
         "$datadir/params" => { perms => $ws_writeable },
+        "$datadir/old-params.txt" => { perms => $owner_readable },
         "$extensionsdir/create.pl" => { perms => $owner_executable },
     );
 
@@ -369,6 +370,12 @@ sub update_filesystem {
         _rename_file($testfile, "$testfile.old");
     }
 
+    # If old-params.txt exists in the root directory, move it to datadir.
+    my $oldparamsfile = "old_params.txt";
+    if (-e $oldparamsfile) {
+        _rename_file($oldparamsfile, "$datadir/$oldparamsfile");
+    }
+
     _create_files(%files);
     if ($params->{index_html}) {
         _create_files(%{$fs->{index_html}});
-- 
cgit v1.2.3-24-g4f1b