Revert "Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS"

This reverts commit a7eacc1.

Paul fixed this in a better way with commit
a908cc6 (to be backported to 1.2.x
after this older commit is reverted).

bug_actiongroup_ext_page.php

@@ -40,18 +40,12 @@
   # redirect to view issues page if action doesn't have ext_* prefix.
   # This should only occur if this page is called directly.
 	$t_external_action_prefix = 'EXT_';
-	$t_matches = array();
-	preg_match( '/^EXT_(\w+)$/', $f_action, $t_matches );
-	if ( count( $t_matches ) !== 2 ) {
+	if ( strpos( $f_action, $t_external_action_prefix ) !== 0 ) {
 		print_header_redirect( 'view_all_bug_page.php' );
-		exit;
-	}
-	$t_external_action = $t_matches[1];
-	$t_include_file = 'bug_actiongroup_' . $t_external_action . '_inc.php';
-	if ( !file_exists( $t_include_file ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
+  }
 
+	$t_external_action = utf8_strtolower( utf8_substr( $f_action, utf8_strlen( $t_external_action_prefix ) ) );
+	$t_form_fields_page = 'bug_actiongroup_' . $t_external_action . '_inc.php';
 	$t_form_name = 'bug_actiongroup_' . $t_external_action;
 
 	bug_group_action_print_top();

core/bug_group_action_api.php

@@ -94,14 +94,7 @@ function bug_group_action_print_hidden_fields( $p_bug_ids_array ) {
  * @param $p_action   The custom action name without the "EXT_" prefix.
  */
 function bug_group_action_print_action_fields( $p_action ) {
-	if ( !preg_match( '/^\w+$/', $p_action ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	$t_include_file = 'bug_actiongroup_' . $p_action . '_inc.php';
-	if ( !file_exists( $t_include_file ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	require_once( $t_include_file );
+	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 	$t_function_name = 'action_' . $p_action . '_print_fields';
 	$t_function_name();
 }
@@ -113,14 +106,7 @@ function bug_group_action_print_action_fields( $p_action ) {
  * @param $p_action   The custom action name without the "EXT_" prefix.
  */
 function bug_group_action_print_title( $p_action ) {
-	if ( !preg_match( '/^\w+$/', $p_action ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	$t_include_file = 'bug_actiongroup_' . $p_action . '_inc.php';
-	if ( !file_exists( $t_include_file ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	require_once( $t_include_file );
+	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 	$t_function_name = 'action_' . $p_action . '_print_title';
 	$t_function_name();
 }
@@ -135,14 +121,7 @@ function bug_group_action_print_title( $p_action ) {
  * @returns true|array true if action can be applied or array of ( bug_id => reason for failure to validate )
  */
 function bug_group_action_validate( $p_action, $p_bug_id ) {
-	if ( !preg_match( '/^\w+$/', $p_action ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	$t_include_file = 'bug_actiongroup_' . $p_action . '_inc.php';
-	if ( !file_exists( $t_include_file ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	require_once( $t_include_file );
+	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 	$t_function_name = 'action_' . $p_action . '_validate';
 	return $t_function_name( $p_bug_id );
 }
@@ -157,14 +136,7 @@ function bug_group_action_validate( $p_action, $p_bug_id ) {
  * @returns true|array Action can be applied., ( bug_id => reason for failure to process )
  */
 function bug_group_action_process( $p_action, $p_bug_id ) {
-	if ( !preg_match( '/^\w+$/', $p_action ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	$t_include_file = 'bug_actiongroup_' . $p_action . '_inc.php';
-	if ( !file_exists( $t_include_file ) ) {
-		trigger_error( ERROR_GENERIC, ERROR );
-	}
-	require_once( $t_include_file );
+	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 	$t_function_name = 'action_' . $p_action . '_process';
 	return $t_function_name( $p_bug_id );
 }