From e5b9aa6ef469adb5db2ff4b7575342bd79fd450a Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Tue, 1 Mar 2016 08:13:53 -0500 Subject: Bug 1252216 - Push extension configuration is vulnerable to CSRF and potentially code execution --- extensions/Push/lib/Connector/File.pm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'extensions/Push/lib/Connector/File.pm') diff --git a/extensions/Push/lib/Connector/File.pm b/extensions/Push/lib/Connector/File.pm index 2a8f4193d..563a78567 100644 --- a/extensions/Push/lib/Connector/File.pm +++ b/extensions/Push/lib/Connector/File.pm @@ -34,6 +34,8 @@ sub options { my $filename = shift; $filename =~ m#^/# && die "Absolute paths are not permitted\n"; + $filename =~ m#\.\.# + && die "Relative paths are not permitted\n"; }, }, ); -- cgit v1.2.3-24-g4f1b