author | mkanat%bugzilla.org <> | 2008-08-12 14:41:11 +0000 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2008-08-12 14:41:11 +0000 |
commit | 09a4647650851390eeef594c6b56ca61d04d6d1b (patch) | |
tree | 8a0f343b3aeb0315b567b5d78d0b65e7d5889bc8 /importxml.pl | |
parent | Fix a small HTML error in the Release Notes. (diff) | |
Bug 437169: [SECURITY] Local files on the server can be attached to a bug (making them publicly visible) when importing bugs with -attach_path
Patch By Greg Hendricks <ghendricks@novell.com> r=LpSolit, a=mkanat
Diffstat (limited to 'importxml.pl')
-rwxr-xr-x | importxml.pl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/importxml.pl b/importxml.pl
index eaec9d99b..6b0c043b4 100755
--- a/importxml.pl
+++ b/importxml.pl
@@ -384,8 +384,13 @@ sub process_attachment() {
     elsif ($encoding =~ /filename/) {
         # read the attachment file
         Error("attach_path is required", undef) unless ($attach_path);
-        my $attach_filename = $attach_path . "/" . $attach->field('data');
-        open(ATTACH_FH, $attach_filename) or
+
+        my $filename = $attach->field('data');
+        # Remove any leading path data from the filename
+        $filename =~ s/(.*\/|.*\\)//gs;
+
+        my $attach_filename = $attach_path . "/" . $filename;
+        open(ATTACH_FH, "<", $attach_filename) or
             Error("cannot open $attach_filename", undef);
         $attachment{'data'} = do { local $/; <ATTACH_FH> };
         close ATTACH_FH;
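Review bot: After the new `$filename =~ s/(.*\/|.*\\)//gs;` strip, `$filename` can still be empty, `.` or `..` (a `data` field ending in a separator, or naming one of those), so `$attach_filename` resolves to `$attach_path` itself or its parent directory; on Linux at least a read-only `open` of a directory succeeds, and the slurp on the following line then yields an undef/empty attachment instead of the `cannot open` error. Reject those cases before the path is built: `Error("invalid attachment filename", undef) if $filename eq '' || $filename eq '.' || $filename eq '..';`. The switch to the 3-arg open is the right change, but the handle is still the bareword `ATTACH_FH`; a lexical `open(my $attach_fh, '<', $attach_filename)` would keep it scoped to this branch and avoid sharing a global handle across the import loop. process_attachment() starts and ends outside the hunk.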