MantisBT - v1.2 Release (Closed)
View Issue Details
0000321v1.2 Release (Closed)[All Projects] Generalpublic2009-12-01 08:112009-12-08 19:02
Assigned Tocaseydk 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version1.2 
Summary0000321: web2project files uploading demands 777 permissions when it could do with less
Descriptionin modules/files/addedit.php, the line that checks whether web2project can write to the files dir demands the files dir to have 777 permissions. This is not necessary and exposes the files dir to read/write access by other users on the server.
Additional InformationThe preferred way to do this is using the php is_writable/readable/executable() functions on the files directory, because this directly tests the application'saccess, rather than indirectly compares the directory's permissions. 777 should be avoided when possible.

Attached file just swaps out the long permission check in adedit.php with an is_writable call.
TagsNo tags attached.
Attached Filesdiff addedit.php.diff (1,073) 1969-12-31 16:00

2009-12-01 09:30   
Awesome, you're my hero.

I've been concerned about this one but haven't been able to get to it. I'll review this one and merge/offer feedback asap.
2009-12-02 14:37   
Resolved as described in r827;

Issue History
2009-12-01 08:11madumlaoNew Issue
2009-12-01 08:11madumlaoFile Added: addedit.php.diff
2009-12-01 09:30caseydkNote Added: 0000617
2009-12-02 14:37caseydkStatusnew => resolved
2009-12-02 14:37caseydkResolutionopen => fixed
2009-12-02 14:37caseydkAssigned To => caseydk
2009-12-02 14:37caseydkNote Added: 0000618
2009-12-02 14:37caseydkProjectv1.1 Release (Closed) => v1.2 Release (Closed)
2009-12-08 19:02caseydkStatusresolved => closed
2009-12-08 19:02caseydkFixed in Version => 1.2