[ka-Map-dev] [Bug 1630] getcjs.php critical information disclosure vulnerability
bugzilla-daemon at bugzilla.maptools.org
Wed Jan 10 16:30:05 EST 2007
http://bugzilla.maptools.org/show_bug.cgi?id=1630
------- Additional Comments From pspencer at dmsolutions.ca 2007-01-10 16:30 -------
This is a hang-over from when the scripts were all stored in ../scripts.
I think we could test the requested script name(s) to ensure they are in the current directory, something like:
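    $dir = realpath(dirname(__FILE__));
    // resolve "..", "." and symlinks before comparing; realpath() returns false if the file does not exist
    $resolved = realpath($dir . '/' . $requestedFile);
    if ($resolved === false || dirname($resolved) != $dir) {
        // refuse to process
    }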
If someone can prepare a new version of getcjs or a patch, I'll commit.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Please do NOT reply to this email, use the link above instead to
login to bugzilla and submit your comment. Any email reply to this
address will be lost.
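
The directory check proposed in the comment above, written out as an added example (not code from the original message or from ka-Map). The helper `resolve_script()`, the temporary sandbox and the request strings are hypothetical; each name is resolved with `realpath()` before the directory comparison, so `..` segments and symlinks are collapsed first.

```php
<?php
// Added example: hypothetical helper, not ka-Map's getcjs.php.
// Returns the absolute path of $name if it is a regular file directly
// inside $baseDir, or null if the request must be refused.
function resolve_script($name, $baseDir)
{
    $base = realpath($baseDir);
    if ($base === false || !is_string($name) || $name === ''
        || strpos($name, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means no such file.
    $real = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare resolved paths only: same directory, no subdirectories.
    return dirname($real) === $base ? $real : null;
}

// Constructed sandbox: scripts/ holds the served file, secret.inc sits one level up.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'getcjs_demo_' . uniqid();
$scripts = $root . DIRECTORY_SEPARATOR . 'scripts';
mkdir($scripts, 0700, true);
file_put_contents($scripts . '/demo.js', '// constructed script');
file_put_contents($root . '/secret.inc', '<?php // constructed secret');

// Constructed request values, as they might arrive in a query string.
$requests = array('demo.js', './demo.js', '../secret.inc',
                  'sub/../../secret.inc', $root . '/secret.inc', 'missing.js');
foreach ($requests as $name) {
    $path = resolve_script($name, $scripts);
    printf("%-40s %s\n", $name, $path === null ? 'REFUSED' : 'served from ' . $path);
}

// Clean up the sandbox.
unlink($scripts . '/demo.js');
unlink($root . '/secret.inc');
rmdir($scripts);
rmdir($root);
```

Only the first two requests resolve to a file inside the sandbox's scripts directory; the rest are refused, including the name that does not exist.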