From: jocuri%softhome.net <>
Date: Wed, 8 Oct 2003 02:37:09 +0000 (+0000)
Subject: Bug 213384: shutdownhtml login bypass via editparams.cgi is broken under suexec.... 
X-Git-Tag: bugzilla-2.16.4~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=795ebc487667cd4edcf224121e57880c4e599891;p=thirdparty%2Fbugzilla.git

Bug 213384: shutdownhtml login bypass via editparams.cgi is broken under suexec. r=kiko, a=justdave
---

diff --git a/CGI.pl b/CGI.pl
index de983122b1..b3e879a2d8 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -58,7 +58,7 @@ use vars qw($template $vars);
 # to the user about the downtime.  (do)editparams.cgi is exempted from
 # this message, of course, since it needs to be available in order for
 # the administrator to open Bugzilla back up.
-if (Param("shutdownhtml") && $0 !~ m:[\\/](do)?editparams.cgi$:) {
+if (Param("shutdownhtml") && $0 !~ m:(^|[\\/])(do)?editparams\.cgi$:) {
     # The shut down message we are going to display to the user.
     $::vars->{'title'} = "Bugzilla is Down";
     $::vars->{'h1'} = "Bugzilla is Down";