Re: Anyone with PHP skills around capable of patching #X in slbackup-php?

To: debian-edu@lists.debian.org
Subject: Re: Anyone with PHP skills around capable of patching #X in slbackup-php?
From: Petter Reinholdtsen <pere@hungry.com>
Date: Sun, 15 Jan 2012 10:46:09 +0100
Message-id: <[🔎] 20120115094608.GB20560@login2.uio.no>
In-reply-to: <[🔎] 2flsjjiskgo.fsf@login2.uio.no>
References: <[🔎] 2flsjjiskgo.fsf@login2.uio.no>

[Petter Reinholdtsen]
> There is a slbackup-php bug (BTS report submitted, no # yet) that is
> of the few fatal problems with our Debian Edu/Squeeze version soon
> to be finished.  Anyone with PHP skills around capable of providing
> a patch to fix the problem?

The bug number is #655832.  Please, if you know PHP, have a look and
fix a patch.  The next stable update is next weekend, and we really
should have a fix in place before this.

When I had a look at the cookies set by slbackup-php, I was surprised
to find two cookies with paths in them, one pointing to the script and
another to a template.  Is this a security issue, where the user can
fool the script to show files the user should not have access to?
-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: Anyone with PHP skills around capable of patching #X in slbackup-php?
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

References:
- Anyone with PHP skills around capable of patching #X in slbackup-php?
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: squeeze manual
Next by Date: debian-edu-config_1.448~svn75368_i386.changes ACCEPTED
Previous by thread: Anyone with PHP skills around capable of patching #X in slbackup-php?
Next by thread: Re: Anyone with PHP skills around capable of patching #X in slbackup-php?
Index(es):
- Date
- Thread