[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [bugs #8359] minor security problem in class.vfs_
From: |
Dave Hall |
Subject: |
[Phpgroupware-tracker] [bugs #8359] minor security problem in class.vfs_dav.inc.php |
Date: |
Mon, 29 Mar 2004 23:54:09 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040317 Firefox/0.8 |
This mail is an automated notification from the bugs tracker
of the project: phpGroupWare.
/**************************************************************************/
[bugs #8359] Latest Modifications:
Changes by:
Dave Hall <address@hidden>
'Date:
Tue 03/30/04 at 04:54 (Australia/Melbourne)
What | Removed | Added
---------------------------------------------------------------------------
Status | Open | Closed
/**************************************************************************/
[bugs #8359] Full Item Snapshot:
URL: <http://savannah.gnu.org/bugs/?func=detailitem&item_id=8359>
Project: phpGroupWare
Submitted by: Caeies
On: Mon 03/29/04 at 16:16
Category: API - phpGWapi
Item Group: 0.9.16.000 release
Severity: 5 - Average
Priority: 9 - Immediate
Resolution: Fixed
Assigned to: skwashd
Status: Closed
Component Version: CVS
Platform Version: GNU/Linux - Debian
Reproducibility: Every Time
Summary: minor security problem in class.vfs_dav.inc.php
Original Submission: Heya,
When creating the home user directory (from filemanager), using webdav
repository, the system failed silently to create a .htaccess when required (in
subfolders of the home directory, using the deny in the setup configuration).
The bug is at line 2122 change from this :
if (!$conf->config_data['acl_default'] == 'grant')
to this :
if ($conf->config_data['acl_default'] != 'grant')
And please ever use ( ) when using ! in front of the things.
There is a couple of this in this file and we are not sure if they are right or
not. Need some deeper review.
Thanks for killing it quickly :)
Caeies, bug hunter.
Follow-up Comments
------------------
-------------------------------------------------------
Date: Tue 03/30/04 at 04:53 By: skwashd
Ok, found it - line 2098 on the stock version of the code.
Fixed in cvs.
Please do not post security advisories as bug reports, without attempting to
contact someone from the project first.
Cheers
For detailed info, follow this link:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=8359>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/