author | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-02-08 15:50:56 -0800 |
committer | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-02-08 15:50:56 -0800 |
commit | 300f1db2e55f177623db677db270946256e128d8 (patch) | |
tree | 0bd4b01a3652665a06cf71792dd79806de0d821a /page.cgi | |
parent | Bug 520993: If the "FIXED" resolution was a visibility or value controller, t... (diff) | |
Bug 544990: Allow directory names in page.cgi ids
r=LpSolit, a=mkanat
Diffstat (limited to 'page.cgi')
-rwxr-xr-x | page.cgi | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -66,9 +66,9 @@
 my $template = Bugzilla->template;
 my $id = $cgi->param('id');
 if ($id) {
- # Remove all dodgy chars, and split into name and ctype.
- $id =~ s/[^\w\-\.]//g;
- $id =~ /(.*)\.(.*)/;
+ # Split into name and ctype, but be careful not to allow directory
+ # traversal.
+ $id =~ /^([\w\-\/]+)\.(\w+)$/;
 if (!$2) {
 # if this regexp fails to match completely, something bad came in
 ThrowCodeError("bad_page_cgi_id", { "page_id" => $id }); |
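Review bot: The new pattern `/^([\w\-\/]+)\.(\w+)$/` ends in `$`, which also matches just before a trailing newline, so an id such as `"foo.html\n"` passes the check while `$id` itself presumably still carries the newline into whatever uses it afterwards; `\z` anchors at the true end of the string. The `if (!$2)` test that follows also relies on `$2` being undef after a failed match, but Perl leaves `$1`/`$2` holding the values of the last successful match in the enclosing scope, so an earlier successful match in that scope would let a rejected id through. Binding the captures makes both points explicit: `my ($name, $ctype) = $id =~ /^([\w\-\/]+)\.(\w+)\z/;` followed by `if (!defined $ctype) {`, with later reads of `$1`/`$2` replaced by `$name`/`$ctype`. Whether a leading or doubled `/` in the name part (the class still accepts `/foo.html`) matters depends on how the name is joined to the template path, which is outside the hunk. The enclosing `if ($id) {` block continues past the end of the hunk, so any `$1`/`$2` uses there would need the same rename.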