Bug 437169: [SECURITY] Local files on the server can be attached to a bug…

Bug 437169: [SECURITY] Local files on the server can be attached to a bug (making them publicly visible) when importing bugs with -attach_path Patch By Greg Hendricks <ghendricks@novell.com> r=LpSolit, a=mkanat

Bug 437169: [SECURITY] Local files on the server can be attached to a bug…
09a46476 · mkanat%bugzilla.org · b568a50e · 09a46476
Commit 09a46476 authored Aug 12, 2008 by mkanat%bugzilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

importxml.pl importxml.pl +7 -2

No files found.
--- a/importxml.pl
+++ b/importxml.pl
@@ -384,8 +384,13 @@ sub process_attachment() {
        elsif ($encoding =~ /filename/) {
            # read the attachment file
            Error("attach_path is required", undef) unless ($attach_path);
-            my $attach_filename = $attach_path . "/" . $attach->field('data');
-            open(ATTACH_FH, $attach_filename) or
+            
+            my $filename = $attach->field('data');
+            # Remove any leading path data from the filename
+            $filename =~ s/(.*\/|.*\\)//gs;
+            
+            my $attach_filename = $attach_path . "/" . $filename;
+            open(ATTACH_FH, "<", $attach_filename) or
                Error("cannot open $attach_filename", undef);
            $attachment{'data'} = do { local $/; <ATTACH_FH> };
            close ATTACH_FH;