bug 155861 - showdependancygraph.cgi fails taint check with local dot

installation r=gerv, myk
parent 75082eeb
...@@ -640,8 +640,8 @@ $::ENV{'PATH'} = $origPath; ...@@ -640,8 +640,8 @@ $::ENV{'PATH'} = $origPath;
unless (-d 'data') { unless (-d 'data') {
print "Creating data directory ...\n"; print "Creating data directory ...\n";
# permissions for non-webservergroup are fixed later on # permissions for non-webservergroup are fixed later on
mkdir 'data', 0770; mkdir 'data', 0770;
mkdir 'data/mimedump-tmp', 01777; mkdir 'data/mimedump-tmp', 01777;
open FILE, '>>data/comments'; close FILE; open FILE, '>>data/comments'; close FILE;
open FILE, '>>data/nomail'; close FILE; open FILE, '>>data/nomail'; close FILE;
open FILE, '>>data/mail'; close FILE; open FILE, '>>data/mail'; close FILE;
...@@ -726,7 +726,16 @@ unless (-d 'graphs') { ...@@ -726,7 +726,16 @@ unless (-d 'graphs') {
close(IN); close(IN);
close(OUT); close(OUT);
} }
}
unless (-d 'data/mining') {
mkdir 'data/mining', 0700;
}
unless (-d 'data/webdot') {
# perms/ownership are fixed up later
mkdir 'data/webdot', 0700;
} }
if ($my_create_htaccess) { if ($my_create_htaccess) {
...@@ -771,10 +780,6 @@ END ...@@ -771,10 +780,6 @@ END
chmod $fileperm, "template/.htaccess"; chmod $fileperm, "template/.htaccess";
} }
if (!-e "data/webdot/.htaccess") { if (!-e "data/webdot/.htaccess") {
if (!-d "data/webdot") {
mkdir "data/webdot", $dirperm;
chmod $dirperm, "data/webdot"; # the perms on mkdir don't seem to apply for some reason...
}
print "Creating data/webdot/.htaccess...\n"; print "Creating data/webdot/.htaccess...\n";
open HTACCESS, ">data/webdot/.htaccess"; open HTACCESS, ">data/webdot/.htaccess";
print HTACCESS <<'END'; print HTACCESS <<'END';
...@@ -1073,7 +1078,10 @@ if ($my_webservergroup) { ...@@ -1073,7 +1078,10 @@ if ($my_webservergroup) {
# userid. # userid.
fixPerms('.htaccess', $<, $webservergid, 027); # glob('*') doesn't catch dotfiles fixPerms('.htaccess', $<, $webservergid, 027); # glob('*') doesn't catch dotfiles
fixPerms('data/.htaccess', $<, $webservergid, 027); fixPerms('data/.htaccess', $<, $webservergid, 027);
fixPerms('data/duplicates', $<, $webservergid, 027, 1);
fixPerms('data/mining', $<, $webservergid, 027, 1);
fixPerms('data/template', $<, $webservergid, 007, 1); # webserver will write to these fixPerms('data/template', $<, $webservergid, 007, 1); # webserver will write to these
fixPerms('data/webdot', $<, $webservergid, 007, 1);
fixPerms('data/webdot/.htaccess', $<, $webservergid, 027); fixPerms('data/webdot/.htaccess', $<, $webservergid, 027);
fixPerms('data/params', $<, $webservergid, 017); fixPerms('data/params', $<, $webservergid, 017);
fixPerms('*', $<, $webservergid, 027); fixPerms('*', $<, $webservergid, 027);
...@@ -1093,7 +1101,11 @@ if ($my_webservergroup) { ...@@ -1093,7 +1101,11 @@ if ($my_webservergroup) {
my $gid = (split " ", $()[0]; my $gid = (split " ", $()[0];
fixPerms('.htaccess', $<, $gid, 022); # glob('*') doesn't catch dotfiles fixPerms('.htaccess', $<, $gid, 022); # glob('*') doesn't catch dotfiles
fixPerms('data/.htaccess', $<, $gid, 022); fixPerms('data/.htaccess', $<, $gid, 022);
fixPerms('data/duplicates', $<, $gid, 022, 1);
fixPerms('data/mining', $<, $gid, 022, 1);
fixPerms('data/template', $<, $gid, 000, 1); # webserver will write to these fixPerms('data/template', $<, $gid, 000, 1); # webserver will write to these
fixPerms('data/webdot', $<, $gid, 000, 1);
chmod 01777, 'data/webdot';
fixPerms('data/webdot/.htaccess', $<, $gid, 022); fixPerms('data/webdot/.htaccess', $<, $gid, 022);
fixPerms('data/params', $<, $gid, 011); fixPerms('data/params', $<, $gid, 011);
fixPerms('*', $<, $gid, 022); fixPerms('*', $<, $gid, 022);
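Review bot: The `chmod 01777, 'data/webdot';` line in the no-webserver-group branch leaves the directory writable by every local account, while the graph script names its output `data/webdot/$$.dot`, which is predictable from the process id. The sticky bit stops other users from deleting files, but not from creating a file or symlink under that name first, so the write should use exclusive creation (for example `sysopen` with `O_CREAT|O_EXCL`) at the point where the file is opened, which is outside the lines shown. At minimum, add a comment such as `# world-writable fallback: anything writing into data/webdot must create its files exclusively` and check the call: `chmod(01777, 'data/webdot') or warn "chmod data/webdot: $!";`. The two new `mkdir` calls for `data/mining` and `data/webdot` also ignore their return values.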
......
...@@ -75,8 +75,6 @@ if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) { ...@@ -75,8 +75,6 @@ if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) {
exit; exit;
} }
mkdir("data/webdot", 0777);
my $filename = "data/webdot/$$.dot"; my $filename = "data/webdot/$$.dot";
my $urlbase = Param('urlbase'); my $urlbase = Param('urlbase');
...@@ -189,10 +187,13 @@ if ($webdotbase =~ /^https?:/) { ...@@ -189,10 +187,13 @@ if ($webdotbase =~ /^https?:/) {
# Cleanup any old .dot files created from previous runs. # Cleanup any old .dot files created from previous runs.
my $since = time() - 24 * 60 * 60; my $since = time() - 24 * 60 * 60;
foreach my $f (glob("data/webdot/*.dot # Can't use glob, since even calling that fails taint checks for perl < 5.6
data/webdot/*.png opendir(DIR, "data/webdot/");
data/webdot/*.map")) my @files = grep { /\.dot$|\.png$|\.map$/ && -f "data/webdot/$_" } readdir(DIR);
closedir DIR;
foreach my $f (@files)
{ {
$f = "data/webdot/$f";
# Here we are deleting all old files. All entries are from the # Here we are deleting all old files. All entries are from the
# data/webdot/ directory. Since we're deleting the file (not following # data/webdot/ directory. Since we're deleting the file (not following
# symlinks), this can't escape to delete anything it shouldn't # symlinks), this can't escape to delete anything it shouldn't
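Review bot: `opendir(DIR, "data/webdot/");` is not checked, and since the `mkdir("data/webdot", 0777);` call appears to be dropped from this script, an installation where the setup script has not been re-run may have no such directory. In that case `readdir` yields nothing and the old-file cleanup is skipped with no clear diagnostic; `opendir(DIR, "data/webdot/") or die "Can't read data/webdot: $!";` (or the script's own error routine) makes the failure visible. The filter would also be tighter as `/\.(?:dot|png|map)\z/`, because `$` also matches before a trailing newline. The `foreach` body continues past the end of the hunk, so the detainting and `unlink` of `$f` are not visible here.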
......