From: lpsolit%gmail.com <>
Date: Mon, 12 Dec 2005 10:55:46 +0000 (+0000)
Subject: Bug 319241: Bugzilla.pm is freely accessible from the web - Patch by Frédéric Buclin... 
X-Git-Tag: bugzilla-2.22rc1~105
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=545a57e3d1866c18cce29dae67da2bd48e775ef0;p=thirdparty%2Fbugzilla.git

Bug 319241: Bugzilla.pm is freely accessible from the web - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=myk
---

diff --git a/checksetup.pl b/checksetup.pl
index 5d901b646b..614d1d7aa7 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -1014,7 +1014,7 @@ if ($my_create_htaccess) {
     open HTACCESS, '>', '.htaccess';
     print HTACCESS <<'END';
 # don't allow people to retrieve non-cgi executable files or our private data
-<FilesMatch ^(.*\.pl|.*localconfig.*)$>
+<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
   deny from all
 </FilesMatch>
 END
@@ -1028,7 +1028,15 @@ END
       $oldaccess .= $_;
     }
     close HTACCESS;
+    my $repaired = 0;
     if ($oldaccess =~ s/\|localconfig\|/\|.*localconfig.*\|/) {
+        $repaired = 1;
+    }
+    if ($oldaccess !~ /\(\.\*\\\.pm\|/) {
+        $oldaccess =~ s/\(/(.*\\.pm\|/;
+        $repaired = 1;
+    }
+    if ($repaired) {
       print "Repairing .htaccess...\n";
       open HTACCESS, '>', '.htaccess';
       print HTACCESS $oldaccess;