From: mkanat%bugzilla.org <>
Date: Tue, 12 Aug 2008 14:41:29 +0000 (+0000)
Subject: Bug 437169: [SECURITY] Local files on the server can be attached to a bug (making...
X-Git-Tag: bugzilla-3.2rc1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a9a6a88105bd70cdc456b2bcbfb6b39afddbd6a;p=thirdparty%2Fbugzilla.git
Bug 437169: [SECURITY] Local files on the server can be attached to a bug (making them publicly visible) when importing bugs with -attach_path Patch By Greg Hendricks r=LpSolit, a=mkanat
---
diff --git a/importxml.pl b/importxml.pl
index eaec9d99b9..6b0c043b4d 100755
--- a/importxml.pl
+++ b/importxml.pl
@@ -384,8 +384,13 @@ sub process_attachment() {
 elsif ($encoding =~ /filename/) {
 # read the attachment file
 Error("attach_path is required", undef) unless ($attach_path);
- my $attach_filename = $attach_path . "/" . $attach->field('data');
- open(ATTACH_FH, $attach_filename) or
+
+ my $filename = $attach->field('data');
+ # Remove any leading path data from the filename
+ $filename =~ s/(.*\/|.*\\)//gs;
+
+ my $attach_filename = $attach_path . "/" . $filename;
+ open(ATTACH_FH, "<", $attach_filename) or
 Error("cannot open $attach_filename", undef);
 $attachment{'data'} = do { local $/; };
 close ATTACH_FH;
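Review bot: After the substitution on the `$filename =~ s/(.*\/|.*\\)//gs;` line the basename can still be empty or a dot entry (a `data` field of `/`, `foo/`, `.` or `..`), so `$attach_filename` then names `$attach_path` itself or its parent, and on most platforms the new `open(ATTACH_FH, "<", ...)` succeeds on a directory and the import silently stores no useful data instead of failing. Before the `open`, reject those cases and require a regular file: `Error("invalid attachment filename", undef) unless length($filename) && $filename !~ /\A\.\.?\z/;` and `Error("not a regular file: $attach_filename", undef) unless -f $attach_filename;`. The `-f` test also keeps the importer from slurping devices or FIFOs that happen to sit under attach_path. A short comment above the substitution, `# Only the basename is honoured so import data cannot name files outside attach_path`, would record why the stripping exists. process_attachment begins before this hunk and continues after it.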