Mantis Bug Tracker

ID: 0000014
Project: LnBlog
Category: [All Projects] Vulnerability
View Status: public
Date Submitted: 2010-12-17 10:42
Last Update: 2012-02-12 17:26
Reporter: pageer
Assigned To: pageer
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: open
Platform:
OS:
OS Version:
Product Version: 1.0.0
Target Version: 2.0.0
Fixed in Version:
Summary: 0000014: Code uses include_path to find config and other files
Description: The code relies far too heavily on PHP's include_path to find local configuration files and other scripts. This is probably a bad idea, as demonstrated by issue 0000013. Since we can compute absolute paths at run-time for nearly everything in the app, we should just use those instead.
Tags: No tags attached.
Attached Files:

- Relationships
related to 0000013 (resolved, pageer): Directory traversal vulnerability
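
The approach the description proposes, as an added example that is not LnBlog's code: resolve each file against an install root computed at run-time and refuse anything that resolves outside it, instead of letting PHP search include_path. `APP_ROOT`, `app_path()`, the directory layout and the file names are hypothetical, and the sample tree is constructed in the temp directory.

```php
<?php
// Hypothetical layout: this file sits in <install root>/lib/, so the root is
// one level up. APP_ROOT and app_path() are illustrative names.
define('APP_ROOT', dirname(__DIR__));

// Fragile form: PHP walks every include_path entry in order, so the file that
// gets loaded depends on php.ini, set_include_path() calls and the working dir.
//   require_once 'settings.php';

// Return the absolute path of $relative under $root, or throw if the file is
// missing or resolves outside the root. $root is a parameter only so the demo
// below can point it at a constructed tree.
function app_path(string $relative, string $root = APP_ROOT): string
{
    $base = realpath($root);
    if ($base === false) {
        throw new RuntimeException("Install root not found: $root");
    }
    // realpath() collapses ".." and symlinks; it returns false for missing files.
    $full = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($full === false || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("Not found or outside install root: $relative");
    }
    return $full;
}

// Constructed demo tree so the example runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
@mkdir($root . '/lib', 0700, true);
file_put_contents($root . '/lib/settings.php', "<?php return ['title' => 'demo'];\n");

// Loads exactly one file, whatever include_path happens to contain.
$config = require app_path('lib/settings.php', $root);
echo 'loaded title: ', $config['title'], "\n";

// A relative path that climbs out of the root is refused before any include.
try {
    app_path('../outside.php', $root);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Remove the constructed tree.
unlink($root . '/lib/settings.php');
rmdir($root . '/lib');
rmdir($root);
```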

-  Notes
(0000020)
Source Control (developer)
2010-12-27 21:42

Changeset 79:67c62211bd60 by Peter Geer, Mon Dec 27 21:42:36 2010 -0500
Added dynamic upload field (fixes bug 0000001), fixed some deprecation errors (bug 0000016), and removed some include_path dependency (bug 0000014).
    lib/FileUpload.class.php
    lib/creators.php
    pages/fileupload.php
    pages/showarticles.php
    pages/showblog.php
    themes/default/scripts/editor.js
    themes/default/templates/entry_edit_tpl.php
    themes/default/templates/js_editor.php
    themes/default/templates/upload_form_tpl.php
(0000069)
pageer (administrator)
2012-02-12 17:26

This is going to be an ongoing task.

- Issue History
Date Modified Username Field Change
2010-12-17 10:42 pageer New Issue
2010-12-17 10:42 pageer Status new => assigned
2010-12-17 10:42 pageer Assigned To => pageer
2010-12-17 10:42 pageer Relationship added related to 0000013
2010-12-27 21:42 Source Control Checkin
2010-12-27 21:42 Source Control Note Added: 0000020
2011-06-21 21:55 pageer Target Version 1.0.0 => 1.1.0
2012-02-12 17:26 pageer Note Added: 0000069
2012-02-12 17:26 pageer Product Version => 1.0.0
2012-02-12 17:26 pageer Target Version 1.1.0 => 2.0.0

