X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fbin%2Fmason_handler.scgi;h=83649edaffba96dec1b150fd79abde5bbd33a561;hb=fb4ab1073f0d15d660c6cdc4e07afebf68ef3924;hp=bc6bd76c14c9ce59041dfcd05ecc822026577108;hpb=9509e5bfb7f9331303153cac24d7bfecbe2ea9f1;p=freeside.git

diff --git a/rt/bin/mason_handler.scgi b/rt/bin/mason_handler.scgi
index bc6bd76c1..83649edaf 100755
--- a/rt/bin/mason_handler.scgi
+++ b/rt/bin/mason_handler.scgi
@@ -1,39 +1,41 @@
 #!/usr/local/bin/speedy
 # BEGIN BPS TAGGED BLOCK {{{
-# 
+#
 # COPYRIGHT:
-#  
-# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC 
-#                                          <jesse@bestpractical.com>
-# 
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+#                                          <sales@bestpractical.com>
+#
 # (Except where explicitly superseded by other copyright notices)
-# 
-# 
+#
+#
 # LICENSE:
-# 
+#
 # This work is made available to you under the terms of Version 2 of
 # the GNU General Public License. A copy of that license should have
 # been provided with this software, but in any event can be snarfed
 # from www.gnu.org.
-# 
+#
 # This work is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-# 
-# 
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
 # CONTRIBUTION SUBMISSION POLICY:
-# 
+#
 # (The following paragraph is not intended to limit the rights granted
 # to you to modify and distribute this software under the terms of
 # the GNU General Public License and is only of importance to you if
 # you choose to contribute your changes and enhancements to the
 # community by submitting them to Best Practical Solutions, LLC.)
-# 
+#
 # By intentionally submitting any modifications, corrections or
 # derivatives to this work, or any other work intended for use with
 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
@@ -42,24 +44,37 @@
 # royalty-free, perpetual, license to use, copy, create derivative
 # works based on those contributions, and sublicense and distribute
 # those contributions and any derivatives thereof.
-# 
+#
 # END BPS TAGGED BLOCK }}}
 package RT::Mason;
 
 use strict;
 use vars '$Handler';
-require ('/opt/rt3/bin/webmux.pl');
+use File::Basename;
 
-require CGI;
+require (dirname(__FILE__) . '/webmux.pl');
 
-RT::Init();
+require CGI;
 
 my $cgi = CGI->new;
+
+# Each environment has its own way of handling .. and so on in paths,
+# so RT consistently forbids such paths.
+if ( $cgi->path_info =~ m{/\.} ) {
+    $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+    print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+    RT::Interface::Web::Handler->CleanupRequest();
+
+    return 0;
+}
+
 if ( ( !$Handler->interp->comp_exists( $cgi->path_info ) )
     && ( $Handler->interp->comp_exists( $cgi->path_info . "/index.html" ) ) ) {
     $cgi->path_info( $cgi->path_info . "/index.html" );
 }
 
+RT::ConnectToDatabase();
 $Handler->handle_cgi_object($cgi);
 RT::Interface::Web::Handler->CleanupRequest();
 1;