Ticket #444 (closed defect: fixed)

Opened 2 years ago

Last modified 1 year ago

the cache directory is set to /tmptracrss , gives you apermission denied

Reported by: tat@riseup.net Assigned to: Graeme Worthy
Priority: high Component: RssGetMacro
Severity: critical Keywords: rss macro
Cc: Trac Release: 0.9

Description

change line 29 from CACHE_DIR = "/tmp"; to CACHE_DIR = "/tmp/";

otherwhise the cache dir is /tmptracrss and i get a permission denied from my webserver,

would be interesting, if i can upload a exloit with this plugin if i point it to a malicious rss feed, just how to execute it after, did you ever think about this ???

Attachments

Change History

06/27/06 14:53:32 changed by GraemeWorthy

  • status changed from new to closed.
  • resolution set to fixed.

(In [965]) fixes #444

06/27/06 14:56:28 changed by GraemeWorthy

This revision fixes the dir creation bug as well it adds escaping of content to minimise the possibility of malicious data

Add/Change #444 (the cache directory is set to /tmptracrss , gives you apermission denied)




Change Properties
Action