Re: Anyone with PHP skills around capable of patching #X in slbackup-php?
[Petter Reinholdtsen]
> There is a slbackup-php bug (BTS report submitted, no # yet) that is
> of the few fatal problems with our Debian Edu/Squeeze version soon
> to be finished. Anyone with PHP skills around capable of providing
> a patch to fix the problem?
The bug number is #655832. Please, if you know PHP, have a look and
fix a patch. The next stable update is next weekend, and we really
should have a fix in place before this.
When I had a look at the cookies set by slbackup-php, I was surprised
to find two cookies with paths in them, one pointing to the script and
another to a template. Is this a security issue, where the user can
fool the script to show files the user should not have access to?
--
Happy hacking
Petter Reinholdtsen
Reply to: