[Phpgroupware-tracker] [bugs #8359] minor security problem in class.vfs_


From: Dave Hall
Subject: [Phpgroupware-tracker] [bugs #8359] minor security problem in class.vfs_dav.inc.php
Date: Mon, 29 Mar 2004 23:54:09 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040317 Firefox/0.8

This mail is an automated notification from the bugs tracker
 of the project: phpGroupWare.

/**************************************************************************/
[bugs #8359] Latest Modifications:

Changes by: 
                Dave Hall <address@hidden>
Date: 
                Tue 03/30/04 at 04:54 (Australia/Melbourne)

            What     | Removed                   | Added
---------------------------------------------------------------------------
              Status | Open                      | Closed







/**************************************************************************/
[bugs #8359] Full Item Snapshot:

URL: <http://savannah.gnu.org/bugs/?func=detailitem&item_id=8359>
Project: phpGroupWare
Submitted by: Caeies
On: Mon 03/29/04 at 16:16

Category:  API - phpGWapi
Item Group:  0.9.16.000 release
Severity:  5 - Average
Priority:  9 - Immediate
Resolution:  Fixed
Assigned to:  skwashd
Status:  Closed
Component Version:  CVS
Platform Version:  GNU/Linux - Debian
Reproducibility:  Every Time


Summary:  minor security problem in class.vfs_dav.inc.php

Original Submission:  Heya,

When creating the home user directory (from filemanager), using webdav 
repository, the system failed silently to create a .htaccess when required (in 
subfolders of the home directory, using the deny in the setup configuration).

The bug is at line 2122; change from this:
 if (!$conf->config_data['acl_default'] == 'grant')

to this:
 if ($conf->config_data['acl_default'] != 'grant')

And please always use ( ) when using ! in front of things.
There are a couple of these in this file and we are not sure if they are right or 
not. Needs some deeper review.

Thanks for killing it quickly :)

Caeies, bug hunter.

Follow-up Comments
------------------


-------------------------------------------------------
Date: Tue 03/30/04 at 04:53         By: skwashd
Ok, found it - line 2098 on the stock version of the code.

Fixed in cvs.

Please do not post security advisories as bug reports, without attempting to 
contact someone from the project first.

Cheers












For detailed info, follow this link:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=8359>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
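
An added example, not part of the original report or phpGroupWare's code: the two conditions from the report evaluated side by side, plus a heuristic scan for other lines where ! is applied to a variable that is then compared. The function names, the regex and the sample source are assumptions constructed for illustration.

```php
<?php
// Added example: not phpGroupWare code. Names and sample input are constructed.

// Condition as originally written: `!` binds tighter than `==`, so this is
// (!$acl_default) == 'grant', a boolean compared with a non-empty string.
function needs_htaccess_buggy($acl_default)
{
    return !$acl_default == 'grant';
}

// Condition after the fix proposed in the report.
function needs_htaccess_fixed($acl_default)
{
    return $acl_default != 'grant';
}

// Heuristic scan: `!` applied directly to a variable expression that is
// immediately followed by a comparison operator. Returns "line: source" hits.
function find_negated_comparisons($source)
{
    $pattern = '/!\s*\$\w+(?:->\w+|\[[^\]]*\])*\s*(?:===?|!==?)/';
    $hits = array();
    foreach (explode("\n", $source) as $i => $line) {
        if (preg_match($pattern, $line)) {
            $hits[] = ($i + 1) . ': ' . trim($line);
        }
    }
    return $hits;
}

// Truth table for the values the setup option can plausibly hold.
foreach (array('grant', 'deny', '') as $value) {
    printf("acl_default=%-7s buggy=%-5s fixed=%s\n",
        var_export($value, true),
        var_export(needs_htaccess_buggy($value), true),
        var_export(needs_htaccess_fixed($value), true));
}

// Constructed sample source, not taken from class.vfs_dav.inc.php.
$sample = <<<'PHP'
if (!$conf->config_data['acl_default'] == 'grant')
if ($conf->config_data['acl_default'] != 'grant')
if (!$ok && $mode == 'deny')
if (!$row['type'] === 'dir')
PHP;

print_r(find_negated_comparisons($sample));
```

Because ! binds tighter than ==, the original condition is false for both 'grant' and 'deny' and true only for an empty value, which is why the .htaccess was skipped under a deny default. The scan flags the first and fourth sample lines and is only a starting point for the manual review the report asks for.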






