Diffstat (limited to 'rt/bin')
-rwxr-xr-xrt/bin/fastcgi_server14
-rw-r--r--rt/bin/fastcgi_server.in12
-rwxr-xr-xrt/bin/mason_handler.fcgi13
-rw-r--r--rt/bin/mason_handler.fcgi.in11
-rwxr-xr-xrt/bin/mason_handler.scgi12
-rw-r--r--rt/bin/mason_handler.scgi.in12
-rw-r--r--rt/bin/mason_handler.svc13
-rw-r--r--rt/bin/mason_handler.svc.in11
-rwxr-xr-xrt/bin/rt12
-rw-r--r--rt/bin/rt-crontool2
-rwxr-xr-xrt/bin/rt-mailgate4
-rw-r--r--rt/bin/rt-mailgate.in2
-rw-r--r--rt/bin/rt.in10
-rwxr-xr-xrt/bin/standalone_httpd2
-rwxr-xr-xrt/bin/webmux.pl19
-rw-r--r--rt/bin/webmux.pl.in17
16 files changed, 144 insertions, 22 deletions
diff --git a/rt/bin/fastcgi_server b/rt/bin/fastcgi_server
index f8e8828ce..4ccf014da 100755
--- a/rt/bin/fastcgi_server
+++ b/rt/bin/fastcgi_server
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl
+#!/usr/bin/perl
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
@@ -230,6 +230,18 @@ while ( my $cgi = CGI::Fast->new ) {
Module::Refresh->refresh if RT->Config->Get('DevelMode');
RT::ConnectToDatabase();
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+ $proc_manager->pm_post_dispatch;
+
+ next;
+ }
+
my $interp = $RT::Mason::Handler->interp;
if (
!$interp->comp_exists( $cgi->path_info )
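Review bot: The rejection at `print STDOUT "HTTP/1.0 400\r\n\r\n";` writes an HTTP status line where the web server expects CGI-style response headers; unless this handler is deployed as an NPH script, the server will most likely treat that line as a malformed header and answer with its own error, so the client never sees the intended 400 and the server error log fills with header-parse complaints. A CGI header block such as `print STDOUT "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nBad Request\r\n";` gives the server something it can forward unchanged. The same status line is emitted in the fastcgi_server.in, mason_handler.fcgi(.in), mason_handler.scgi(.in) and mason_handler.svc(.in) hunks. The enclosing `while ( my $cgi = CGI::Fast->new )` loop starts and ends outside this hunk.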
diff --git a/rt/bin/fastcgi_server.in b/rt/bin/fastcgi_server.in
index 2aa953168..d6df63c7d 100644
--- a/rt/bin/fastcgi_server.in
+++ b/rt/bin/fastcgi_server.in
@@ -230,6 +230,18 @@ while ( my $cgi = CGI::Fast->new ) {
Module::Refresh->refresh if RT->Config->Get('DevelMode');
RT::ConnectToDatabase();
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+ $proc_manager->pm_post_dispatch;
+
+ next;
+ }
+
my $interp = $RT::Mason::Handler->interp;
if (
!$interp->comp_exists( $cgi->path_info )
diff --git a/rt/bin/mason_handler.fcgi b/rt/bin/mason_handler.fcgi
index acc13a339..996e96076 100755
--- a/rt/bin/mason_handler.fcgi
+++ b/rt/bin/mason_handler.fcgi
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl
+#!/usr/bin/perl
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
@@ -68,6 +68,17 @@ while ( my $cgi = CGI::Fast->new ) {
Module::Refresh->refresh if RT->Config->Get('DevelMode');
RT::ConnectToDatabase();
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ next;
+ }
+
my $interp = $RT::Mason::Handler->interp;
if (
!$interp->comp_exists( $cgi->path_info )
diff --git a/rt/bin/mason_handler.fcgi.in b/rt/bin/mason_handler.fcgi.in
index b980bc188..4682abf16 100644
--- a/rt/bin/mason_handler.fcgi.in
+++ b/rt/bin/mason_handler.fcgi.in
@@ -68,6 +68,17 @@ while ( my $cgi = CGI::Fast->new ) {
Module::Refresh->refresh if RT->Config->Get('DevelMode');
RT::ConnectToDatabase();
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ next;
+ }
+
my $interp = $RT::Mason::Handler->interp;
if (
!$interp->comp_exists( $cgi->path_info )
diff --git a/rt/bin/mason_handler.scgi b/rt/bin/mason_handler.scgi
index 5cbb9a30f..83649edaf 100755
--- a/rt/bin/mason_handler.scgi
+++ b/rt/bin/mason_handler.scgi
@@ -57,6 +57,18 @@ require (dirname(__FILE__) . '/webmux.pl');
require CGI;
my $cgi = CGI->new;
+
+# Each environment has its own way of handling .. and so on in paths,
+# so RT consistently forbids such paths.
+if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ return 0;
+}
+
if ( ( !$Handler->interp->comp_exists( $cgi->path_info ) )
&& ( $Handler->interp->comp_exists( $cgi->path_info . "/index.html" ) ) ) {
$cgi->path_info( $cgi->path_info . "/index.html" );
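Review bot: `return 0;` sits at file scope of the handler script; if the script is executed directly as a CGI program rather than wrapped in a subroutine by a Registry-style runner or loaded with `require`/`do`, Perl dies with "Can't return outside a subroutine" at that point. The request is still refused, because the 400 header has already been printed, but the abort then surfaces as a script error in the server log on top of the crit message just logged. If the script is only ever run directly, `exit 0;` expresses the intent without that failure mode; if it is sometimes wrapped, a one-line comment naming the runner the `return` relies on would save the next reader the same question. The same construct appears in the mason_handler.scgi.in hunk.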
diff --git a/rt/bin/mason_handler.scgi.in b/rt/bin/mason_handler.scgi.in
index 5b6a7e272..fa771b783 100644
--- a/rt/bin/mason_handler.scgi.in
+++ b/rt/bin/mason_handler.scgi.in
@@ -57,6 +57,18 @@ require (dirname(__FILE__) . '/webmux.pl');
require CGI;
my $cgi = CGI->new;
+
+# Each environment has its own way of handling .. and so on in paths,
+# so RT consistently forbids such paths.
+if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ return 0;
+}
+
if ( ( !$Handler->interp->comp_exists( $cgi->path_info ) )
&& ( $Handler->interp->comp_exists( $cgi->path_info . "/index.html" ) ) ) {
$cgi->path_info( $cgi->path_info . "/index.html" );
diff --git a/rt/bin/mason_handler.svc b/rt/bin/mason_handler.svc
index c87c275f8..6275a9e59 100644
--- a/rt/bin/mason_handler.svc
+++ b/rt/bin/mason_handler.svc
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl
+#!/usr/bin/perl
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
@@ -234,6 +234,17 @@ $Handler ||= RT::Interface::Web::Handler->new(
while( my $cgi = CGI::Fast->new ) {
my $comp = $ENV{'PATH_INFO'};
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ next;
+ }
+
$comp = $1 if ($comp =~ /^(.*)$/);
my $web_path = RT->Config->Get('WebPath');
$comp =~ s|^\Q$web_path\E\b||i;
diff --git a/rt/bin/mason_handler.svc.in b/rt/bin/mason_handler.svc.in
index 2cbf4357a..119b110db 100644
--- a/rt/bin/mason_handler.svc.in
+++ b/rt/bin/mason_handler.svc.in
@@ -234,6 +234,17 @@ $Handler ||= RT::Interface::Web::Handler->new(
while( my $cgi = CGI::Fast->new ) {
my $comp = $ENV{'PATH_INFO'};
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ next;
+ }
+
$comp = $1 if ($comp =~ /^(.*)$/);
my $web_path = RT->Config->Get('WebPath');
$comp =~ s|^\Q$web_path\E\b||i;
diff --git a/rt/bin/rt b/rt/bin/rt
index 368c1ab26..f327b39d3 100755
--- a/rt/bin/rt
+++ b/rt/bin/rt
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl -w
+#!/usr/bin/perl -w
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
@@ -1166,7 +1166,7 @@ sub submit {
$file ||= $self->{file};
local *F;
- open(F, $file) && do {
+ open(F, '<', $file) && do {
$self->{file} = $file;
my $sids = $self->{sids} = {};
while (<F>) {
@@ -1187,7 +1187,7 @@ sub submit {
$file ||= $self->{file};
local *F;
- open(F, ">$file") && do {
+ open(F, '>', $file) && do {
my $sids = $self->{sids};
foreach my $server (keys %$sids) {
foreach my $user (keys %{ $sids->{$server} }) {
@@ -1429,7 +1429,7 @@ sub parse_config_file {
my ($file) = @_;
local $_; # $_ may be aliased to a constant, from line 1163
- open(CFG, $file) && do {
+ open(CFG, '<', $file) && do {
while (<CFG>) {
chomp;
next if (/^#/ || /^\s*$/);
@@ -1479,9 +1479,9 @@ sub vi {
local *F;
local $/ = undef;
- open(F, ">$file") || die "$file: $!\n"; print F $text; close(F);
+ open(F, '>', $file) or die "$file: $!\n"; print F $text; close(F);
system($editor, $file) && die "Couldn't run $editor.\n";
- open(F, $file) || die "$file: $!\n"; $text = <F>; close(F);
+ open(F, '<', $file) or die "$file: $!\n"; $text = <F>; close(F);
unlink($file);
return $text;
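Review bot: In `sub vi`, `print F $text; close(F);` still leaves the write unchecked before the file is handed to `$editor`, so a short write (full disk, quota) silently starts the editor on a truncated draft; since the hunk already tightens the `open` calls, `close(F) or die "$file: $!\n";` on that write handle is the matching check. The read-side `open(F, '<', $file) && do {` in `sub submit` and `open(CFG, '<', $file) && do {` in `sub parse_config_file` likewise still drop a failed open without any diagnostic, which the 3-arg form does not change; a `warn "$file: $!"` in an else branch would make a misconfigured path visible. The same lines appear in the rt.in hunks. `sub submit`, `sub parse_config_file` and `sub vi` all start and end outside their hunks.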
diff --git a/rt/bin/rt-crontool b/rt/bin/rt-crontool
index 64b81e80c..61932804c 100644
--- a/rt/bin/rt-crontool
+++ b/rt/bin/rt-crontool
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl
+#!/usr/bin/perl
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
diff --git a/rt/bin/rt-mailgate b/rt/bin/rt-mailgate
index dfa332c75..de0529d84 100755
--- a/rt/bin/rt-mailgate
+++ b/rt/bin/rt-mailgate
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl -w
+#!/usr/bin/perl -w
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
@@ -186,7 +186,7 @@ sub write_down_message {
print STDERR "$0: Couldn't create temp file, using memory\n";
print STDERR "error: $@\n" if $@;
- my $message = \do { local (@ARGV, $/); <> };
+ my $message = \do { local (@ARGV, $/); <STDIN> };
unless ( $$message =~ /\S/ ) {
print STDERR "$0: no message passed on STDIN\n";
exit 0;
diff --git a/rt/bin/rt-mailgate.in b/rt/bin/rt-mailgate.in
index 271806c00..c1a57cb3e 100644
--- a/rt/bin/rt-mailgate.in
+++ b/rt/bin/rt-mailgate.in
@@ -186,7 +186,7 @@ sub write_down_message {
print STDERR "$0: Couldn't create temp file, using memory\n";
print STDERR "error: $@\n" if $@;
- my $message = \do { local (@ARGV, $/); <> };
+ my $message = \do { local (@ARGV, $/); <STDIN> };
unless ( $$message =~ /\S/ ) {
print STDERR "$0: no message passed on STDIN\n";
exit 0;
diff --git a/rt/bin/rt.in b/rt/bin/rt.in
index 308950c14..aefe7af72 100644
--- a/rt/bin/rt.in
+++ b/rt/bin/rt.in
@@ -1166,7 +1166,7 @@ sub submit {
$file ||= $self->{file};
local *F;
- open(F, $file) && do {
+ open(F, '<', $file) && do {
$self->{file} = $file;
my $sids = $self->{sids} = {};
while (<F>) {
@@ -1187,7 +1187,7 @@ sub submit {
$file ||= $self->{file};
local *F;
- open(F, ">$file") && do {
+ open(F, '>', $file) && do {
my $sids = $self->{sids};
foreach my $server (keys %$sids) {
foreach my $user (keys %{ $sids->{$server} }) {
@@ -1429,7 +1429,7 @@ sub parse_config_file {
my ($file) = @_;
local $_; # $_ may be aliased to a constant, from line 1163
- open(CFG, $file) && do {
+ open(CFG, '<', $file) && do {
while (<CFG>) {
chomp;
next if (/^#/ || /^\s*$/);
@@ -1479,9 +1479,9 @@ sub vi {
local *F;
local $/ = undef;
- open(F, ">$file") || die "$file: $!\n"; print F $text; close(F);
+ open(F, '>', $file) or die "$file: $!\n"; print F $text; close(F);
system($editor, $file) && die "Couldn't run $editor.\n";
- open(F, $file) || die "$file: $!\n"; $text = <F>; close(F);
+ open(F, '<', $file) or die "$file: $!\n"; $text = <F>; close(F);
unlink($file);
return $text;
diff --git a/rt/bin/standalone_httpd b/rt/bin/standalone_httpd
index f89c5fb7c..a307910c1 100755
--- a/rt/bin/standalone_httpd
+++ b/rt/bin/standalone_httpd
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl -w
+#!/usr/bin/perl -w
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
diff --git a/rt/bin/webmux.pl b/rt/bin/webmux.pl
index 35ef4dba4..561dec55e 100755
--- a/rt/bin/webmux.pl
+++ b/rt/bin/webmux.pl
@@ -1,4 +1,4 @@
-#!/Users/falcone/perl5/perlbrew/bin/perl
+#!/usr/bin/perl
# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
@@ -73,7 +73,8 @@ sub handler {
# and make all system() and open "|-" dangerouse, for example DBI
# can get this FD for DB connection and system() call will close
# by putting grabage into the socket
- open $protect_fd, '>/dev/null' or die "Couldn't open /dev/null: $!";
+ open( $protect_fd, '>', '/dev/null' )
+ or die "Couldn't open /dev/null: $!";
unless ( fileno($protect_fd) == 1 ) {
warn "We opened /dev/null to protect FD #1, but descriptor #1 is already occupied";
}
@@ -93,6 +94,20 @@ sub handler {
RT::ConnectToDatabase();
+ # none of the methods in $r gives us the information we want (most
+ # canonicalize /foo/../bar to /bar which is exactly what we want to avoid)
+ my (undef, $requested) = split ' ', $r->the_request, 3;
+ my $uri = URI->new("http://".$r->hostname.$requested);
+ my $path = URI::Escape::uri_unescape($uri->path);
+
+ ## Each environment has its own way of handling .. and so on in paths,
+ ## so RT consistently forbids such paths.
+ if ( $path =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$path." aborting");
+ RT::Interface::Web::Handler->CleanupRequest();
+ return 400;
+ }
+
my (%session, $status);
{
local $@;
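Review bot: `my (undef, $requested) = split ' ', $r->the_request, 3;` assumes a well-formed request line; on a malformed line `$requested` is undef (so `URI->new` is built from an undef string, warning under -w), and on an absolute-URI request line it carries its own scheme and host, in which case `$uri->path` is presumably no longer the path the server goes on to serve. Defaulting it before building the URI, e.g. `$requested = '' unless defined $requested;`, closes the first case; for the second, a comment stating that the check deliberately accepts the raw request target, or a comparison against the path Mason is later asked for, would document what the check covers. The `m{/\.}` test itself runs on the unescaped path, which matches what the comment above it asks for. The same code is in the webmux.pl.in hunk, and `sub handler` starts and ends outside this hunk.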
diff --git a/rt/bin/webmux.pl.in b/rt/bin/webmux.pl.in
index 8086177af..7aae041b3 100644
--- a/rt/bin/webmux.pl.in
+++ b/rt/bin/webmux.pl.in
@@ -73,7 +73,8 @@ sub handler {
# and make all system() and open "|-" dangerouse, for example DBI
# can get this FD for DB connection and system() call will close
# by putting grabage into the socket
- open $protect_fd, '>/dev/null' or die "Couldn't open /dev/null: $!";
+ open( $protect_fd, '>', '/dev/null' )
+ or die "Couldn't open /dev/null: $!";
unless ( fileno($protect_fd) == 1 ) {
warn "We opened /dev/null to protect FD #1, but descriptor #1 is already occupied";
}
@@ -93,6 +94,20 @@ sub handler {
RT::ConnectToDatabase();
+ # none of the methods in $r gives us the information we want (most
+ # canonicalize /foo/../bar to /bar which is exactly what we want to avoid)
+ my (undef, $requested) = split ' ', $r->the_request, 3;
+ my $uri = URI->new("http://".$r->hostname.$requested);
+ my $path = URI::Escape::uri_unescape($uri->path);
+
+ ## Each environment has its own way of handling .. and so on in paths,
+ ## so RT consistently forbids such paths.
+ if ( $path =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$path." aborting");
+ RT::Interface::Web::Handler->CleanupRequest();
+ return 400;
+ }
+
my (%session, $status);
{
local $@;