Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don...
authorReed Loden <reed@reedloden.com>
Thu, 8 Jul 2010 21:53:13 +0000 (14:53 -0700)
committerReed Loden <reed@reedloden.com>
Thu, 8 Jul 2010 21:53:13 +0000 (14:53 -0700)
[r=mkanat a=mkanat]

page.cgi

index 5464789e7f1707c83a39c2f1396b3ab494a37b22..a6a198d8b2557ffd6e92c2acc9c0f0dbab23de1f 100755 (executable)
--- a/page.cgi
+++ b/page.cgi
@@ -66,9 +66,13 @@ my $template = Bugzilla->template;
 
 my $id = $cgi->param('id');
 if ($id) {
-    # Split into name and ctype, but be careful not to allow directory
-    # traversal.
-    $id =~ /^([\w\-\/]+)\.(\w+)$/;
+    # Be careful not to allow directory traversal.
+    if ($id =~ /\.\./) {
+        # two dots in a row is bad
+        ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
+    }
+    # Split into name and ctype.
+    $id =~ /^([\w\-\/\.]+)\.(\w+)$/;
     if (!$2) {
         # if this regexp fails to match completely, something bad came in
         ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
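Review bot: The `if (!$2)` test after the new split regex is not a reliable failure check, because Perl leaves `$1`/`$2` unchanged when a match fails, so a value captured by an earlier successful match in scope could let an unvalidated `$id` past this guard. Testing the match result itself closes that gap and keeps the captures available for the code that follows: `if ($id !~ /\A([\w\-\/\.]+)\.(\w+)\z/) {`. The `\A`/`\z` anchors also stop `$` from accepting an id that ends in a newline. The widened class still accepts a leading `/` or `.`; whether that matters depends on how `$1` is turned into a template path, which is outside the hunk, as is the rest of the `if ($id)` block.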