|
Viewing Issue Simple Details
[ Jump to Notes ]
|
[ View Advanced ]
[ Issue History ]
[ Print ]
|
|
ID |
Category |
Severity |
Reproducibility |
Date Submitted |
Last Update |
|
0000321 |
[v1.2 Release (Closed)] Files |
minor |
always |
2009-12-01 10:11 |
2009-12-08 21:02 |
|
|
Reporter |
madumlao |
View Status |
public |
|
|
Assigned To |
caseydk |
|
Priority |
normal |
Resolution |
fixed |
|
|
Status |
closed |
|
Product Version |
|
|
|
Summary |
0000321: web2project files uploading demands 777 permissions when it could do with less |
|
Description |
in modules/files/addedit.php, the line that checks whether web2project can write to the files dir demands the files dir to have 777 permissions. This is not necessary and exposes the files dir to read/write access by other users on the server. |
|
Additional Information |
The preferred way to do this is using the php is_writable/readable/executable() functions on the files directory, because this directly tests the application'saccess, rather than indirectly compares the directory's permissions. 777 should be avoided when possible.
Attached file just swaps out the long permission check in adedit.php with an is_writable call. |
| Tags |
No tags attached. |
|
|
Attached Files |
 addedit.php.diff [^] (1,073 bytes) 2009-12-01 10:11 |
|
|
Relationships 
