author | 2008-08-12 14:41:57 +0000 | |
---|---|---|
committer | 2008-08-12 14:41:57 +0000 | |
commit | 44209cd76e1ed6ab63db970f9374ea8ba0492135 (patch) | |
tree | 3d8a316b70441d6c9761a853f141c5eec22d6d0f | |
parent | Bug 450193: The content of some custom fields may be copied into other custom... (diff) | |
Bug 437169: [SECURITY] Local files on the server can be attached to a bug (making them publicly visible) when importing bugs with -attach_path
Patch By Greg Hendricks <ghendricks@novell.com> r=LpSolit, a=mkanat
-rwxr-xr-x | importxml.pl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/importxml.pl b/importxml.pl
index 6e6f4a619..f62fdab00 100755
--- a/importxml.pl
+++ b/importxml.pl
@@ -379,8 +379,13 @@ sub process_attachment() {
 elsif ($encoding =~ /filename/) {
 # read the attachment file
 Error("attach_path is required", undef) unless ($attach_path);
- my $attach_filename = $attach_path . "/" . $attach->field('data');
- open(ATTACH_FH, $attach_filename) or
+
+ my $filename = $attach->field('data');
+ # Remove any leading path data from the filename
+ $filename =~ s/(.*\/|.*\\)//gs;
+
+ my $attach_filename = $attach_path . "/" . $filename;
+ open(ATTACH_FH, "<", $attach_filename) or
 Error("cannot open $attach_filename", undef);
 $attachment{'data'} = do { local $/; <ATTACH_FH> };
 close ATTACH_FH;
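Review bot: After the new `s/(.*\/|.*\\)//gs` strips the directory part, `$filename` can still be empty (a missing or empty `data` field, or one ending in a separator) or the literal `.`/`..`, so `$attach_filename` degenerates to the attachment directory or its parent and `open` is attempted on a directory rather than failing with a clear message; add `Error("invalid attachment filename", undef) if !length($filename) || $filename =~ /\A\.\.?\z/;` before the concatenation. On platforms where opening a directory for reading succeeds, the subsequent slurp presumably yields undef and the attachment would be imported with empty data, which is worth confirming. Separately, the now three-arg `open` still uses the bareword global `ATTACH_FH` and the read has no `binmode`; a lexical handle (`open(my $attach_fh, '<', $attach_filename)`) plus `binmode $attach_fh;` would avoid handle clobbering and newline translation if attachments can be binary. `process_attachment` begins and ends outside the hunk.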