0000321: web2project files uploading demands 777 permissions when it could do with less

MantisBT - v1.2 Release (Closed)
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0000321	v1.2 Release (Closed)	[All Projects] General	public	2009-12-01 08:11	2009-12-08 19:02

Reporter	madumlao
Assigned To	caseydk
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Platform		OS		OS Version
Product Version
Target Version		Fixed in Version	1.2

Summary	0000321: web2project files uploading demands 777 permissions when it could do with less
Description	in modules/files/addedit.php, the line that checks whether web2project can write to the files dir demands the files dir to have 777 permissions. This is not necessary and exposes the files dir to read/write access by other users on the server.
Additional Information	The preferred way to do this is using the php is_writable/readable/executable() functions on the files directory, because this directly tests the application'saccess, rather than indirectly compares the directory's permissions. 777 should be avoided when possible. Attached file just swaps out the long permission check in adedit.php with an is_writable call.
Tags	No tags attached.
Relationships
Attached Files	addedit.php.diff (1,073) 1969-12-31 16:00 https://bugs.web2project.net/file_download.php?file_id=66&type=bug

Notes

Date Modified	Username	Field	Change
Issue History

2009-12-01 08:11	madumlao	New Issue
2009-12-01 08:11	madumlao	File Added: addedit.php.diff
2009-12-01 09:30	caseydk	Note Added: 0000617
2009-12-02 14:37	caseydk	Status	new => resolved
2009-12-02 14:37	caseydk	Resolution	open => fixed
2009-12-02 14:37	caseydk	Assigned To	=> caseydk
2009-12-02 14:37	caseydk	Note Added: 0000618
2009-12-02 14:37	caseydk	Project	v1.1 Release (Closed) => v1.2 Release (Closed)
2009-12-08 19:02	caseydk	Status	resolved => closed
2009-12-08 19:02	caseydk	Fixed in Version	=> 1.2