git.koha-community.org Git - koha.git/commit
Bug 6628 : Stopping a potential vulnerability
author Chris Cormack <chrisc@catalyst.net.nz>
Fri, 25 Nov 2011 18:39:51 +0000 (07:39 +1300)
committer Chris Nighswonger <chris.nighswonger@gmail.com>
Tue, 29 Nov 2011 01:11:39 +0000 (20:11 -0500)
commit 4b22534bd0f2b9ddd079307a9c482a6653de41c4
tree 33e86b35613c577d82e6a286c6de4c1fd531e422
parent 218cc183ea2fdb9396498b05d5145d393c444000
Bug 6628 : Stopping a potential vulnerability

Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
- verified help pages still work
- verified /cgi-bin/koha/help.pl?url=koha/../catalogue/advsearch.pl does not
show the template file (did work on master, not after applying patch)
- verified cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl does not work (didn't work on master or after applying patch)

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The potential vulnerability would allow anyone to see the content of any .tt file, and .tt only. Was much less critical than the vulnerability for 6629, but it's worth fixing!
(cherry picked from commit 8664d195671c1a65af7b205b14099c1581c0500b)

Signed-off-by: Chris Nighswonger <chris.nighswonger@gmail.com>
help.pl
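
The diff for help.pl is not shown on this page, so the following is an added Perl example, not Koha's code: one way to validate a help `url` value so that the two requests quoted in the sign-off notes are refused. The `help_template_for` name, the `$HELP_ROOT` placeholder path and the `koha/<module>/<script>.pl` to `.tt` mapping are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Test::More;

# Constructed placeholder for the help template root (assumption).
my $HELP_ROOT = '/srv/example/help';

# Map a help "url" value such as koha/catalogue/advsearch.pl to a .tt path
# under $HELP_ROOT. Returns undef for anything that is not a plain
# koha/<segment>/.../<name>.pl value.
sub help_template_for {
    my ($url) = @_;
    return undef unless defined $url;

    # A decoded %00 (or any control character) can truncate the name once
    # it reaches C-level file APIs, so refuse it before any parsing.
    return undef if $url =~ /[\x00-\x1f\x7f]/;

    # Anchor with \A and \z: "$" would also match before a trailing newline.
    my ($rel) = $url =~ m{\Akoha/(.+)\.pl\z}s or return undef;

    # Allowlist every path segment; "..", "." and empty segments all fail.
    # Limit -1 keeps trailing empty fields so "a/" is not read as "a".
    my @segments = split m{/}, $rel, -1;
    for my $seg (@segments) {
        return undef unless $seg =~ /\A[A-Za-z0-9_-]+\z/;
    }
    return join('/', $HELP_ROOT, @segments) . '.tt';
}

# Regression checks built from the requests quoted in the commit message.
is(help_template_for('koha/catalogue/advsearch.pl'),
   '/srv/example/help/catalogue/advsearch.tt', 'normal help page resolves');
is(help_template_for('koha/../catalogue/advsearch.pl'), undef,
   'dot-dot segment is rejected');
is(help_template_for("koha/../../../../../../etc/passwd\0.pl"), undef,
   'request with a decoded %00 is rejected');
is(help_template_for('koha/catalogue/.pl'), undef,
   'empty path segment is rejected');
done_testing();
```

Because every segment is allowlisted before the path is built, the result cannot leave `$HELP_ROOT`; a deployment that allows symlinks under that directory would additionally need a canonical-path comparison after resolution.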