Do not allow access to CVSROOT.

Bug #204126 r=timeless


git-svn-id: svn://10.0.0.236/trunk@166034 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/webtools/bonsai/cvsblame.cgi

@@ -85,9 +85,6 @@ if ($filename eq '')
     print "\n";
     &print_usage;
     exit;
-} elsif ($filename =~ /CVSROOT/) {
-    print "\nFiles in the CVSROOT dir cannot be viewed.\n";
-    exit;
 }
 
 my ($file_head, $file_tail) = $filename =~ m@(.*/)?(.+)@;
@@ -150,11 +147,11 @@ unless ($found_rcs_file) {
   exit;
 }
 
+&ChrootFilename($root, $rcs_filename);
+
 my $rcs_path;
 ($rcs_path) = $rcs_filename =~ m@$root/(.*)/.+?,v@;
 
-CheckHidden($rcs_filename);
-
 # Parse the rcs file ($::opt_rev is passed as a global)
 #
 $revision = &parse_cvs_file($rcs_filename);

mozilla/webtools/bonsai/cvsgraph.cgi

@@ -112,6 +112,8 @@ unless ($found_rcs_file) {
     exit;
 }
 
+&ChrootFilename($root, $rcs_filename);
+
 # Hack these variables up the way that the cvsgraph executable wants them
 my $full_rcs_filename = $rcs_filename;
 $rcs_filename =~ s:^$root/::;

mozilla/webtools/bonsai/cvsquery.pl

@@ -245,6 +245,8 @@ sub query_checkins {
             next;
         }
 
+        next if ($key =~ m@^CVSROOT/@);
+
         if( $have_mod_map &&
            !&in_module(\%mod_map, $ci->[$::CI_DIR], $ci->[$::CI_FILE] ) ){
             next;

mozilla/webtools/bonsai/cvsview2.cgi

@@ -204,6 +204,7 @@ foreach $root (@SRCROOTS) {
     $dir = "$root/$opt_subdir";
     if (-d $dir) {
         $found = 1;
+        &ChrootFilename($root, $dir);
         last;
     }
 }

mozilla/webtools/bonsai/multidiff.cgi

@@ -86,6 +86,7 @@ for my $k (@revs) {
     if (! -r $fullname || IsHidden($fullname)) {
         next;
     }
+    &ChrootFilename($cvsroot, $fullname);
     open( DIFF, "$rcsdiffcommand -r$prevrev -r$rev -u " . shell_escape($fullname) ." 2>&1|" ) || die "rcsdiff failed\n";
     while(<DIFF>){
 		if (($_ =~ /RCS file/) || ($_ =~ /rcsdiff/)) {