Bug 213384: shutdownhtml login bypass via editparams.cgi is broken under suexec....

author jocuri%softhome.net <>

Wed, 8 Oct 2003 02:37:09 +0000 (02:37 +0000)

committer jocuri%softhome.net <>

Wed, 8 Oct 2003 02:37:09 +0000 (02:37 +0000)
author jocuri%softhome.net <>
Wed, 8 Oct 2003 02:37:09 +0000 (02:37 +0000)
committer jocuri%softhome.net <>
Wed, 8 Oct 2003 02:37:09 +0000 (02:37 +0000)
diff --git a/CGI.pl b/CGI.pl

index de983122b14eabb4c126c455b502df0168bfd10a..b3e879a2d8d928729ed85d77eaae237d2e88efdc 100644 (file)
--- a/CGI.pl
+++ b/CGI.pl
@@ -58,7 +58,7 @@ use vars qw($template $vars);
  # to the user about the downtime.  (do)editparams.cgi is exempted from
  # this message, of course, since it needs to be available in order for
  # the administrator to open Bugzilla back up.
-if (Param("shutdownhtml") && $0 !~ m:[\\/](do)?editparams.cgi$:) {
+if (Param("shutdownhtml") && $0 !~ m:(^|[\\/])(do)?editparams\.cgi$:) {
      # The shut down message we are going to display to the user.
      $::vars->{'title'} = "Bugzilla is Down";
      $::vars->{'h1'} = "Bugzilla is Down";
author	jocuri%softhome.net <>
	Wed, 8 Oct 2003 02:37:09 +0000 (02:37 +0000)
committer	jocuri%softhome.net <>
	Wed, 8 Oct 2003 02:37:09 +0000 (02:37 +0000)