View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0000321 | v1.2 Release (Closed) | [All Projects] General | public | 2009-12-01 08:11 | 2009-12-08 19:02 | ||||
Reporter | madumlao | ||||||||
Assigned To | caseydk | ||||||||
Priority | normal | Severity | minor | Reproducibility | always | ||||
Status | closed | Resolution | fixed | ||||||
Product Version | |||||||||
Target Version | Fixed in Version | 1.2 | |||||||
Summary | 0000321: web2project files uploading demands 777 permissions when it could do with less | ||||||||
Description | In modules/files/addedit.php, the line that checks whether web2project can write to the files dir demands the files dir to have 777 permissions. This is not necessary and exposes the files dir to read/write access by other users on the server. | ||||||||
Additional Information | The preferred way to do this is using the PHP is_writable/readable/executable() functions on the files directory, because this directly tests the application's access, rather than indirectly comparing the directory's permissions. 777 should be avoided when possible. Attached file just swaps out the long permission check in addedit.php with an is_writable call. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files |
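
The difference between the two kinds of check described in this report, as an added example (not web2project's code and not the attached patch): a mode comparison rejects a 0750 directory that the process can write to, while an access test accepts it. The function names and the temporary directory are hypothetical, and a POSIX host is assumed.

```php
<?php
// Added illustration; names and paths are hypothetical, not web2project's code.

/** Mode-comparison check: passes only when the directory mode is exactly 0777. */
function modeCheck(string $dir): bool
{
    clearstatcache(true, $dir);
    return is_dir($dir) && (fileperms($dir) & 0777) === 0777;
}

/** Access check: asks whether this process itself can create entries in $dir. */
function accessCheck(string $dir): bool
{
    clearstatcache(true, $dir);
    // Creating a file in a directory needs write and search (execute) access.
    return is_dir($dir) && is_writable($dir) && is_executable($dir);
}

/** True when users outside the owner and group can write to the directory. */
function worldWritable(string $dir): bool
{
    clearstatcache(true, $dir);
    return (fileperms($dir) & 0002) !== 0;
}

// Constructed sample: a throwaway "files" directory owned by the current user.
$dir = sys_get_temp_dir() . '/w2p_files_' . uniqid();
mkdir($dir, 0750);

foreach ([0750, 0777] as $mode) {
    chmod($dir, $mode); // chmod ignores umask, unlike mkdir's mode argument
    printf(
        "%04o  modeCheck=%s  accessCheck=%s  worldWritable=%s\n",
        $mode,
        var_export(modeCheck($dir), true),
        var_export(accessCheck($dir), true),
        var_export(worldWritable($dir), true)
    );
}

rmdir($dir);
```
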
caseydk (administrator) 2009-12-01 09:30 |
Awesome, you're my hero. I've been concerned about this one but haven't been able to get to it. I'll review this one and merge/offer feedback asap. |
caseydk (administrator) 2009-12-02 14:37 |
Resolved as described in r827; |
Date Modified | Username | Field | Change |
---|---|---|---|
2009-12-01 08:11 | madumlao | New Issue | |
2009-12-01 08:11 | madumlao | File Added: addedit.php.diff | |
2009-12-01 09:30 | caseydk | Note Added: 0000617 | |
2009-12-02 14:37 | caseydk | Status | new => resolved |
2009-12-02 14:37 | caseydk | Resolution | open => fixed |
2009-12-02 14:37 | caseydk | Assigned To | => caseydk |
2009-12-02 14:37 | caseydk | Note Added: 0000618 | |
2009-12-02 14:37 | caseydk | Project | v1.1 Release (Closed) => v1.2 Release (Closed) |
2009-12-08 19:02 | caseydk | Status | resolved => closed |
2009-12-08 19:02 | caseydk | Fixed in Version | => 1.2 |