[freeside-commits] freeside/rt/bin fastcgi_server, 1.2, 1.3 mason_handler.fcgi, 1.7, 1.8 mason_handler.scgi, 1.7, 1.8 mason_handler.svc, 1.5, 1.6 rt-mailgate, 1.6, 1.7 rt-mailgate.in, 1.2, 1.3 standalone_httpd, 1.2, 1.3

Ivan,,, ivan at wavetail.420.am
Mon Apr 18 16:49:56 PDT 2011


Update of /home/cvs/cvsroot/freeside/rt/bin
In directory wavetail.420.am:/tmp/cvs-serv2120/bin

Modified Files:
	fastcgi_server mason_handler.fcgi mason_handler.scgi 
	mason_handler.svc rt-mailgate rt-mailgate.in standalone_httpd 
Log Message:
committing rt 3.8.10 to HEAD

Index: rt-mailgate.in
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/rt-mailgate.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -w -d -r1.2 -r1.3
--- rt-mailgate.in	14 Apr 2011 19:02:41 -0000	1.2
+++ rt-mailgate.in	18 Apr 2011 23:49:54 -0000	1.3
@@ -186,7 +186,7 @@
         print STDERR "$0: Couldn't create temp file, using memory\n";
         print STDERR "error: $@\n" if $@;
 
-        my $message = \do { local (@ARGV, $/); <> };
+        my $message = \do { local (@ARGV, $/); <STDIN> };
         unless ( $$message =~ /\S/ ) {
             print STDERR "$0: no message passed on STDIN\n";
             exit 0;
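Review bot: With the read switched to `<STDIN>`, `@ARGV` is no longer consulted, so localising it in `local (@ARGV, $/)` has no effect and reads as if it still mattered; `my $message = \do { local $/; <STDIN> };` says the same thing. The identical line is changed in the second hunk of rt-mailgate. A short comment such as `# temp file failed: slurp all of STDIN into memory (no size limit)` would also make clear that this fallback holds the whole incoming message in memory. The enclosing block starts and ends outside the hunk.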

Index: standalone_httpd
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/standalone_httpd,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -w -d -r1.2 -r1.3
--- standalone_httpd	17 Feb 2011 00:52:25 -0000	1.2
+++ standalone_httpd	18 Apr 2011 23:49:54 -0000	1.3
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
 # BEGIN BPS TAGGED BLOCK {{{
 #
 # COPYRIGHT:

Index: fastcgi_server
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/fastcgi_server,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -w -d -r1.2 -r1.3
--- fastcgi_server	17 Feb 2011 00:52:24 -0000	1.2
+++ fastcgi_server	18 Apr 2011 23:49:53 -0000	1.3
@@ -230,6 +230,18 @@
     Module::Refresh->refresh if RT->Config->Get('DevelMode');
     RT::ConnectToDatabase();
 
+    # Each environment has its own way of handling .. and so on in paths,
+    # so RT consistently forbids such paths.
+    if ( $cgi->path_info =~ m{/\.} ) {
+        $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+        print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+        RT::Interface::Web::Handler->CleanupRequest();
+        $proc_manager->pm_post_dispatch;
+
+        next;
+    }
+
     my $interp = $RT::Mason::Handler->interp;
     if (
         !$interp->comp_exists( $cgi->path_info )
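Review bot: The rejected path is written to the log verbatim in `$RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting")`, and PATH_INFO is client-supplied and normally already percent-decoded, so control characters such as CR/LF can end up in the log line unless the logger escapes them (not visible here). Since any client can reach this branch, `crit` also looks louder than the event deserves. I would log a cleaned copy at a lower level, e.g. `(my $p = $cgi->path_info) =~ s/[^\x20-\x7e]/?/g;` followed by `$RT::Logger->warning("Invalid request for $p aborting");`. The same logging line is added in mason_handler.svc, mason_handler.scgi and mason_handler.fcgi; the request loop itself starts and ends outside this hunk.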

Index: rt-mailgate
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/rt-mailgate,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -w -d -r1.6 -r1.7
--- rt-mailgate	17 Feb 2011 00:52:25 -0000	1.6
+++ rt-mailgate	18 Apr 2011 23:49:54 -0000	1.7
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
 # BEGIN BPS TAGGED BLOCK {{{
 #
 # COPYRIGHT:
@@ -186,7 +186,7 @@
         print STDERR "$0: Couldn't create temp file, using memory\n";
         print STDERR "error: $@\n" if $@;
 
-        my $message = \do { local (@ARGV, $/); <> };
+        my $message = \do { local (@ARGV, $/); <STDIN> };
         unless ( $$message =~ /\S/ ) {
             print STDERR "$0: no message passed on STDIN\n";
             exit 0;

Index: mason_handler.svc
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/mason_handler.svc,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -w -d -r1.5 -r1.6
--- mason_handler.svc	17 Feb 2011 00:52:25 -0000	1.5
+++ mason_handler.svc	18 Apr 2011 23:49:54 -0000	1.6
@@ -234,6 +234,17 @@
 while( my $cgi = CGI::Fast->new ) {
     my $comp = $ENV{'PATH_INFO'};
 
+    # Each environment has its own way of handling .. and so on in paths,
+    # so RT consistently forbids such paths.
+    if ( $cgi->path_info =~ m{/\.} ) {
+        $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+        print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+        RT::Interface::Web::Handler->CleanupRequest();
+
+        next;
+    }
+
     $comp = $1 if ($comp =~ /^(.*)$/);
     my $web_path = RT->Config->Get('WebPath');
     $comp =~ s|^\Q$web_path\E\b||i;
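Review bot: The new guard tests `$cgi->path_info`, but the code directly below it keeps working from `$comp`, which was read from `$ENV{'PATH_INFO'}` on the first line of the loop body. The two are normally the same string, but if CGI.pm adjusts the value in any way the check and the use no longer agree. Testing the value that is actually used, `if ( $comp =~ m{/\.} ) {`, closes that gap and keeps the check ahead of the blanket untaint in `$comp = $1 if ($comp =~ /^(.*)$/);`. The loop continues past the end of the hunk.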

Index: mason_handler.scgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/mason_handler.scgi,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -w -d -r1.7 -r1.8
--- mason_handler.scgi	17 Feb 2011 00:52:24 -0000	1.7
+++ mason_handler.scgi	18 Apr 2011 23:49:54 -0000	1.8
@@ -57,6 +57,18 @@
 require CGI;
 
 my $cgi = CGI->new;
+
+# Each environment has its own way of handling .. and so on in paths,
+# so RT consistently forbids such paths.
+if ( $cgi->path_info =~ m{/\.} ) {
+    $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+    print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+    RT::Interface::Web::Handler->CleanupRequest();
+
+    return 0;
+}
+
 if ( ( !$Handler->interp->comp_exists( $cgi->path_info ) )
     && ( $Handler->interp->comp_exists( $cgi->path_info . "/index.html" ) ) ) {
     $cgi->path_info( $cgi->path_info . "/index.html" );
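Review bot: `return 0;` in the added block sits at file scope (it follows `my $cgi = CGI->new;` at column 0), and Perl accepts `return` there only when the file is executed through `do`, `require`, `eval` or a runner that wraps it in a subroutine. Presumably the SCGI runner does that, but nothing in the hunk shows it, and a direct run would die with "Can't return outside a subroutine" after the 400 has already been printed. I would add a comment above it, `# return, not exit: relies on the runner wrapping this file in a sub`, or use `exit 0;` if that assumption does not hold. The rest of the file is outside the hunk.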

Index: mason_handler.fcgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/rt/bin/mason_handler.fcgi,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -w -d -r1.7 -r1.8
--- mason_handler.fcgi	17 Feb 2011 00:52:24 -0000	1.7
+++ mason_handler.fcgi	18 Apr 2011 23:49:54 -0000	1.8
@@ -68,6 +68,17 @@
     Module::Refresh->refresh if RT->Config->Get('DevelMode');
     RT::ConnectToDatabase();
 
+    # Each environment has its own way of handling .. and so on in paths,
+    # so RT consistently forbids such paths.
+    if ( $cgi->path_info =~ m{/\.} ) {
+        $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+        print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+        RT::Interface::Web::Handler->CleanupRequest();
+
+        next;
+    }
+
     my $interp = $RT::Mason::Handler->interp;
     if (
         !$interp->comp_exists( $cgi->path_info )


