[Bug 14408] Path traversal vulnerabilty
23 Jun
2015
23 Jun
'15
2:57 p.m.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408 --- Comment #29 from Jonathan Druart <jonathan.druart@biblibre.com> --- (In reply to Fridolin SOMERS from comment #25)
There is a problem with some pages calling get_template_and_user with empty string in template_name :
acqui/updatesupplier.pl opac/opac-ratings.pl tools/quotes/quotes_ajax.pl tools/quotes/quotes-upload_ajax.pl
Should we accept empty string or correct those pages to use has_permission() ?
Yes, I think so. Did you open a new bug report? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
4041
Age (days ago)
4041
Last active (days ago)
0 comments
1 participants
participants (1)
-
bugzilla-daemon@bugs.koha-community.org