From 2eaa1ccd24f2c8050eec838454eb1dbef9f344b8 Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Tue, 27 Feb 2018 22:00:58 -0500 Subject: Bug 1437646 - Add confdir to bz_locations --- Bugzilla/Install/Filesystem.pm | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'Bugzilla/Install') diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index e1e9a47d7..cbec34bdc 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -173,6 +173,7 @@ sub DIR_ALSO_WS_SERVE { _suexec() ? 0001 : 0 }; # when exploiting some security flaw somewhere (not necessarily in Bugzilla!) sub FILESYSTEM { my $datadir = bz_locations()->{'datadir'}; + my $confdir = bz_locations()->{'confdir'}; my $attachdir = bz_locations()->{'attachdir'}; my $extensionsdir = bz_locations()->{'extensionsdir'}; my $webdotdir = bz_locations()->{'webdotdir'}; @@ -320,6 +321,8 @@ sub FILESYSTEM { dirs => DIR_WS_SERVE }, "$extensionsdir/*/web" => { files => WS_SERVE, dirs => DIR_WS_SERVE }, + $confdir => { files => WS_SERVE, + dirs => DIR_WS_SERVE, }, # Purpose: allow webserver to read .bzr so we execute bzr commands # in backticks and look at the result over the web. Used to show @@ -364,6 +367,7 @@ sub FILESYSTEM { # Directories that contain content served directly by the web server. "$skinsdir/custom" => DIR_WS_SERVE, "$skinsdir/contrib" => DIR_WS_SERVE, + $confdir => DIR_CGI_READ, ); my $yui_all_css = sub { @@ -458,6 +462,8 @@ sub FILESYSTEM { contents => HT_DEFAULT_DENY }, 'httpd/.htaccess' => { perms => WS_SERVE, contents => HT_DEFAULT_DENY }, + "$confdir/.htaccess" => { perms => WS_SERVE, + contents => HT_DEFAULT_DENY }, "$datadir/.htaccess" => { perms => WS_SERVE, contents => HT_DEFAULT_DENY }, "$error_reports/.htaccess" => { perms => WS_SERVE, -- cgit v1.2.3-24-g4f1b