From: Reed Loden
Date: Thu, 8 Jul 2010 21:53:50 +0000 (-0700)
Subject: Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don...
X-Git-Tag: bugzilla-3.6.2~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f28ca750f553fbfafbfa54c23aa064679116ddd6;p=thirdparty%2Fbugzilla.git

Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don't permit '..' at all. [r=mkanat a=mkanat]
---

diff --git a/page.cgi b/page.cgi
index 9326229a5d..33feae9197 100755
--- a/page.cgi
+++ b/page.cgi
@@ -66,9 +66,13 @@ my $template = Bugzilla->template;

 my $id = $cgi->param('id');
 if ($id) {
- # Split into name and ctype, but be careful not to allow directory
- # traversal.
- $id =~ /^([\w\-\/]+)\.(\w+)$/;
+ # Be careful not to allow directory traversal.
+ if ($id =~ /\.\./) {
+ # two dots in a row is bad
+ ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
+ }
+ # Split into name and ctype.
+ $id =~ /^([\w\-\/\.]+)\.(\w+)$/;
 if (!$2) {
 # if this regexp fails to match completely, something bad came in
 ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
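Review bot: The split on the new side still judges validity through `$2` after an unchecked match (`$id =~ /^([\w\-\/\.]+)\.(\w+)$/;` followed by `if (!$2)`); a failed match in Perl leaves the capture variables of the last successful match in scope untouched, so the result of the match itself is the reliable signal. Testing the match directly, `if ($id !~ /^([\w\-\/\.]+)\.(\w+)\z/) {`, removes that dependency, and `\z` in place of `$` also rejects an id that ends in a newline, which `$` accepts. The character class still admits a leading `/`, so whether an absolute-looking id is harmless depends on how the captured name is joined to the template path, which is outside this hunk. The `if ($id)` block continues past the last line shown.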