From 300f1db2e55f177623db677db270946256e128d8 Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander
Date: Mon, 8 Feb 2010 15:50:56 -0800
Subject: Bug 544990: Allow directory names in page.cgi ids

r=LpSolit, a=mkanat
---
 page.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'page.cgi')

diff --git a/page.cgi b/page.cgi
index cd6cb611e..9326229a5 100755
--- a/page.cgi
+++ b/page.cgi
@@ -66,9 +66,9 @@ my $template = Bugzilla->template;
 my $id = $cgi->param('id');
 if ($id) {
-    # Remove all dodgy chars, and split into name and ctype.
-    $id =~ s/[^\w\-\.]//g;
-    $id =~ /(.*)\.(.*)/;
+    # Split into name and ctype, but be careful not to allow directory
+    # traversal.
+    $id =~ /^([\w\-\/]+)\.(\w+)$/;
     if (!$2) {
         # if this regexp fails to match completely, something bad came in
         ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
-- 
cgit v1.2.3-24-g4f1b
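Review bot: The new validation on the `+    $id =~ /^([\w\-\/]+)\.(\w+)$/;` line is checked indirectly through `if (!$2)` instead of through the match result; when the match fails, `$2` still holds whatever the last successful capturing match in the enclosing dynamic scope left there, so a stale capture could let an id that failed this check continue past the error branch. Testing the match directly keeps the captures available to the later code and removes that dependency: `if ($id !~ /^([\w\-\/]+)\.(\w+)$/) {` in place of the match statement and the `if (!$2)` line. Separately, `$` matches before a trailing newline, so an id such as `name.html` followed by a newline is accepted; `\z` pins the end of the string exactly, which is presumably the intent given the comment about traversal. The `if ($id) {` block and the code that consumes `$1` and `$2` continue outside the hunk, so I have not verified how the captures are used there.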