[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Anyone with PHP skills around capable of patching #X in slbackup-php?

[Petter Reinholdtsen]
> There is a slbackup-php bug (BTS report submitted, no # yet) that is
> of the few fatal problems with our Debian Edu/Squeeze version soon
> to be finished.  Anyone with PHP skills around capable of providing
> a patch to fix the problem?

The bug number is #655832.  Please, if you know PHP, have a look and
fix a patch.  The next stable update is next weekend, and we really
should have a fix in place before this.

When I had a look at the cookies set by slbackup-php, I was surprised
to find two cookies with paths in them, one pointing to the script and
another to a template.  Is this a security issue, where the user can
fool the script to show files the user should not have access to?
Happy hacking
Petter Reinholdtsen

Reply to: