X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fbin%2Ffastcgi_server.in;h=d6df63c7d8303ab3125a068d274754623df98096;hp=a63714488a7d2a4cd6a326e42502443f5625b75d;hb=75162bb14b3e38d66617077843f4dfdcaf09d5c4;hpb=e70abd21bab68b23488f7ef1ee2e693a3b365691
diff --git a/rt/bin/fastcgi_server.in b/rt/bin/fastcgi_server.in
index a63714488..d6df63c7d 100644
--- a/rt/bin/fastcgi_server.in
+++ b/rt/bin/fastcgi_server.in
@@ -1,41 +1,41 @@
 #!@PERL@
 # BEGIN BPS TAGGED BLOCK {{{
-#
+#
 # COPYRIGHT:
-#
-# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC
-#
-#
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+#
+#
 # (Except where explicitly superseded by other copyright notices)
-#
-#
+#
+#
 # LICENSE:
-#
+#
 # This work is made available to you under the terms of Version 2 of
 # the GNU General Public License. A copy of that license should have
 # been provided with this software, but in any event can be snarfed
 # from www.gnu.org.
-#
+#
 # This work is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 # General Public License for more details.
-#
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 # 02110-1301 or visit their web page on the internet at
 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-#
-#
+#
+#
 # CONTRIBUTION SUBMISSION POLICY:
-#
+#
 # (The following paragraph is not intended to limit the rights granted
 # to you to modify and distribute this software under the terms of
 # the GNU General Public License and is only of importance to you if
 # you choose to contribute your changes and enhancements to the
 # community by submitting them to Best Practical Solutions, LLC.)
-#
+#
 # By intentionally submitting any modifications, corrections or
 # derivatives to this work, or any other work intended for use with
 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
@@ -44,9 +44,8 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} - =head1 NAME fastcgi_server - external FastCGI server for RT @@ -199,7 +198,7 @@ $ENV{'RT_WEBMUX_HEAVY_LOAD'} = 1; use File::Basename; require (dirname(__FILE__) .'/webmux.pl'); -unless ( $opt{'socket'} && $opt{'port'} ) { +unless ( $opt{'socket'} || $opt{'port'} ) { require File::Spec; $opt{'socket'} = File::Spec->catfile($RT::VarPath, 'fastcgi.sock'); } @@ -231,6 +230,18 @@ while ( my $cgi = CGI::Fast->new ) { Module::Refresh->refresh if RT->Config->Get('DevelMode'); RT::ConnectToDatabase(); + # Each environment has its own way of handling .. and so on in paths, + # so RT consistently forbids such paths. + if ( $cgi->path_info =~ m{/\.} ) { + $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting"); + print STDOUT "HTTP/1.0 400\r\n\r\n"; + + RT::Interface::Web::Handler->CleanupRequest(); + $proc_manager->pm_post_dispatch; + + next; + } + my $interp = $RT::Mason::Handler->interp; if ( !$interp->comp_exists( $cgi->path_info )
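Review bot: The `unless ( $opt{'socket'} || $opt{'port'} )` test in the `-199,7` hunk now leaves a `--port`-only start without the default unix socket, so presumably the TCP listener is what gets used, and nothing near the line records what that means for exposure. FastCGI itself carries no authentication, so anyone who can reach the listener can submit requests with an environment of their choosing. The bind address is chosen outside this hunk, so it is worth confirming that it is loopback or otherwise reachable only by the web server. I would add a comment above the test, `# Default to a unix socket under VarPath only when neither --socket nor --port was given; a TCP --port must be reachable by the web server only`, and state the same in the POD entry for `--port`.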
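Review bot: The new reject branch in the `-231,6` hunk writes `$cgi->path_info` into a `crit`-level log message unescaped, so a request path containing CR/LF or other control characters can forge or split log entries, and any client can generate critical-severity events at will. I would sanitise the value first, `(my $safe = $cgi->path_info) =~ s/[^\x20-\x7e]/?/g;`, then log `"Invalid request for $safe aborting"`, and consider a lower level such as `warning`. Separately, `print STDOUT "HTTP/1.0 400\r\n\r\n";` emits an HTTP status line where a FastCGI responder normally sends a CGI header such as `Status: 400 Bad Request`; unless the rest of the script (outside this hunk) uses the same convention, the front-end server may report a malformed header instead of the 400. The pattern `m{/\.}` also rejects every path segment that starts with a dot, not only `..`, which the comment could say explicitly. The enclosing `while` loop starts and ends outside the hunk.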