[freeside-commits] freeside/rt/bin fastcgi_server, 1.1.1.1, 1.1.1.1.4.1 mason_handler.fcgi, 1.6.4.1, 1.6.4.2 mason_handler.scgi, 1.6.4.1, 1.6.4.2 mason_handler.svc, 1.4.4.1, 1.4.4.2 rt-mailgate, 1.5.4.3, 1.5.4.4 rt-mailgate.in, 1.1.1.9.4.1, 1.1.1.9.4.2

Ivan,,, ivan at wavetail.420.am
Mon Apr 18 17:23:58 PDT 2011


Update of /home/cvs/cvsroot/freeside/rt/bin
In directory wavetail.420.am:/tmp/cvs-serv5016/bin

Modified Files:
      Tag: FREESIDE_2_1_BRANCH
	fastcgi_server mason_handler.fcgi mason_handler.scgi 
	mason_handler.svc rt-mailgate rt-mailgate.in 
Log Message:
landing 3.8.10 on 2.1 branch

Index: rt-mailgate.in
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/rt-mailgate.in,v
retrieving revision 1.1.1.9.4.1
retrieving revision 1.1.1.9.4.2
diff -u -w -d -r1.1.1.9.4.1 -r1.1.1.9.4.2
--- rt-mailgate.in	14 Apr 2011 19:11:42 -0000	1.1.1.9.4.1
+++ rt-mailgate.in	19 Apr 2011 00:23:56 -0000	1.1.1.9.4.2
@@ -186,7 +186,7 @@
         print STDERR "$0: Couldn't create temp file, using memory\n";
         print STDERR "error: $@\n" if $@;
 
-        my $message = \do { local (@ARGV, $/); <> };
+        my $message = \do { local (@ARGV, $/); <STDIN> };
         unless ( $$message =~ /\S/ ) {
             print STDERR "$0: no message passed on STDIN\n";
             exit 0;
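Review bot: `local (@ARGV, $/)` on the changed line still localises `@ARGV`, which `<STDIN>` never consults, so only the `$/` half has any effect now. I would write `my $message = \do { local $/; <STDIN> };` and add a comment such as `# read the handle explicitly; <> would go through @ARGV and its magic open`, so the reason for naming the handle is recorded. The same line appears in the second rt-mailgate hunk. The enclosing fallback block starts and ends outside the hunk.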

Index: fastcgi_server
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/fastcgi_server,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.4.1
diff -u -w -d -r1.1.1.1 -r1.1.1.1.4.1
--- fastcgi_server	18 May 2010 18:45:11 -0000	1.1.1.1
+++ fastcgi_server	19 Apr 2011 00:23:56 -0000	1.1.1.1.4.1
@@ -231,6 +231,18 @@
     Module::Refresh->refresh if RT->Config->Get('DevelMode');
     RT::ConnectToDatabase();
 
+    # Each environment has its own way of handling .. and so on in paths,
+    # so RT consistently forbids such paths.
+    if ( $cgi->path_info =~ m{/\.} ) {
+        $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+        print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+        RT::Interface::Web::Handler->CleanupRequest();
+        $proc_manager->pm_post_dispatch;
+
+        next;
+    }
+
     my $interp = $RT::Mason::Handler->interp;
     if (
         !$interp->comp_exists( $cgi->path_info )
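Review bot: The `crit` call in the added block writes `$cgi->path_info` into the log exactly as the client sent it, so a request path containing newlines or other control characters can split or forge log entries. Escaping the value first would close that, e.g. `(my $safe = $cgi->path_info) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;` and then logging `$safe`. Because any unauthenticated request can reach this branch, `crit` may also be louder than wanted if that level is routed to mail or paging; the routing is not visible here. The same logging line is added in mason_handler.svc, mason_handler.scgi and mason_handler.fcgi. The request loop starts and ends outside the hunk.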

Index: rt-mailgate
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/rt-mailgate,v
retrieving revision 1.5.4.3
retrieving revision 1.5.4.4
diff -u -w -d -r1.5.4.3 -r1.5.4.4
--- rt-mailgate	14 Apr 2011 19:12:17 -0000	1.5.4.3
+++ rt-mailgate	19 Apr 2011 00:23:56 -0000	1.5.4.4
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
 # BEGIN BPS TAGGED BLOCK {{{
 # 
 # COPYRIGHT:
@@ -186,7 +186,7 @@
         print STDERR "$0: Couldn't create temp file, using memory\n";
         print STDERR "error: $@\n" if $@;
 
-        my $message = \do { local (@ARGV, $/); <> };
+        my $message = \do { local (@ARGV, $/); <STDIN> };
         unless ( $$message =~ /\S/ ) {
             print STDERR "$0: no message passed on STDIN\n";
             exit 0;

Index: mason_handler.svc
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/mason_handler.svc,v
retrieving revision 1.4.4.1
retrieving revision 1.4.4.2
diff -u -w -d -r1.4.4.1 -r1.4.4.2
--- mason_handler.svc	8 Apr 2011 23:13:48 -0000	1.4.4.1
+++ mason_handler.svc	19 Apr 2011 00:23:56 -0000	1.4.4.2
@@ -234,6 +234,17 @@
 while( my $cgi = CGI::Fast->new ) {
     my $comp = $ENV{'PATH_INFO'};
 
+    # Each environment has its own way of handling .. and so on in paths,
+    # so RT consistently forbids such paths.
+    if ( $cgi->path_info =~ m{/\.} ) {
+        $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+        print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+        RT::Interface::Web::Handler->CleanupRequest();
+
+        next;
+    }
+
     $comp = $1 if ($comp =~ /^(.*)$/);
     my $web_path = RT->Config->Get('WebPath');
     $comp =~ s|^\Q$web_path\E\b||i;
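Review bot: The added guard tests `$cgi->path_info`, but the value this loop goes on to process is `$comp`, read from `$ENV{'PATH_INFO'}` just above the guard; if CGI.pm's accessor ever returns something other than the raw variable, the check and the use disagree. Testing the value that is carried forward, `if ( defined $comp && $comp =~ m{/\.} ) {`, keeps the two tied together. The `$comp = $1 if ($comp =~ /^(.*)$/);` line below is a catch-all untaint rather than validation, so this guard is the only filter on `$comp` visible in the hunk. The loop body continues outside the hunk.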

Index: mason_handler.scgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/mason_handler.scgi,v
retrieving revision 1.6.4.1
retrieving revision 1.6.4.2
diff -u -w -d -r1.6.4.1 -r1.6.4.2
--- mason_handler.scgi	8 Apr 2011 23:13:48 -0000	1.6.4.1
+++ mason_handler.scgi	19 Apr 2011 00:23:56 -0000	1.6.4.2
@@ -57,6 +57,18 @@
 require CGI;
 
 my $cgi = CGI->new;
+
+# Each environment has its own way of handling .. and so on in paths,
+# so RT consistently forbids such paths.
+if ( $cgi->path_info =~ m{/\.} ) {
+    $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+    print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+    RT::Interface::Web::Handler->CleanupRequest();
+
+    return 0;
+}
+
 if ( ( !$Handler->interp->comp_exists( $cgi->path_info ) )
     && ( $Handler->interp->comp_exists( $cgi->path_info . "/index.html" ) ) ) {
     $cgi->path_info( $cgi->path_info . "/index.html" );
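Review bot: `return 0;` in the added block appears to sit at file scope (the block and `my $cgi = CGI->new;` are both at column 0), and Perl only allows `return` inside a subroutine, an `eval`, or a file loaded with `do`; elsewhere it dies with "Can't return outside a subroutine". If this script is executed directly rather than loaded by a wrapper, the request would still stop, but through an exception raised after the 400 has been printed. `exit 0;` would state the intent directly. How the file is invoked is not visible in the hunk, so confirm that before changing it.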

Index: mason_handler.fcgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/mason_handler.fcgi,v
retrieving revision 1.6.4.1
retrieving revision 1.6.4.2
diff -u -w -d -r1.6.4.1 -r1.6.4.2
--- mason_handler.fcgi	8 Apr 2011 23:13:48 -0000	1.6.4.1
+++ mason_handler.fcgi	19 Apr 2011 00:23:56 -0000	1.6.4.2
@@ -68,6 +68,17 @@
     Module::Refresh->refresh if RT->Config->Get('DevelMode');
     RT::ConnectToDatabase();
 
+    # Each environment has its own way of handling .. and so on in paths,
+    # so RT consistently forbids such paths.
+    if ( $cgi->path_info =~ m{/\.} ) {
+        $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+        print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+        RT::Interface::Web::Handler->CleanupRequest();
+
+        next;
+    }
+
     my $interp = $RT::Mason::Handler->interp;
     if (
         !$interp->comp_exists( $cgi->path_info )
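Review bot: The rejection writes a bare status line, `print STDOUT "HTTP/1.0 400\r\n\r\n";`, where a CGI/FastCGI response normally carries the status as a header field. Unless the script runs in non-parsed-header mode, the front-end web server may treat this as a malformed header and answer with its own 5xx instead of the intended 400, which also makes rejected requests harder to pick out in access logs. `print STDOUT "Status: 400 Bad Request\r\n\r\n";` is the form RFC 3875 defines. The same line is added in fastcgi_server, mason_handler.svc and mason_handler.scgi. The request loop starts and ends outside the hunk.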


