From: lpsolit%gmail.com <>
Date: Mon, 12 Dec 2005 11:02:01 +0000 (+0000)
Subject: Bug 319241: Bugzilla.pm is freely accessible from the web - Patch by Frédéric Buclin... 
X-Git-Tag: bugzilla-2.20.1~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8065c34bea1affda08160e5489a0d02b78159387;p=thirdparty%2Fbugzilla.git

Bug 319241: Bugzilla.pm is freely accessible from the web - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=justdave
---

diff --git a/checksetup.pl b/checksetup.pl
index 04e0583c54..98acb8f604 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -992,7 +992,7 @@ if ($my_create_htaccess) {
     open HTACCESS, '>', '.htaccess';
     print HTACCESS <<'END';
 # don't allow people to retrieve non-cgi executable files or our private data
-<FilesMatch ^(.*\.pl|.*localconfig.*)$>
+<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
   deny from all
 </FilesMatch>
 <FilesMatch ^(localconfig.js|localconfig.rdf)$>
@@ -1009,7 +1009,15 @@ END
       $oldaccess .= $_;
     }
     close HTACCESS;
+    my $repaired = 0;
     if ($oldaccess =~ s/\|localconfig\|/\|.*localconfig.*\|/) {
+        $repaired = 1;
+    }
+    if ($oldaccess !~ /\(\.\*\\\.pm\|/) {
+        $oldaccess =~ s/\(/(.*\\.pm\|/;
+        $repaired = 1;
+    }
+    if ($repaired) {
       print "Repairing .htaccess...\n";
       open HTACCESS, '>', '.htaccess';
       print HTACCESS $oldaccess;