[Koha-bugs] [Bug 6874] File upload in MARC
bugzilla-daemon at bugs.koha-community.org
Mon Oct 10 00:32:58 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6874
--- Comment #8 from Robin Sheat <robin at catalyst.net.nz> 2011-10-09 22:32:58 UTC ---
Multiple instances is when you're running more than one koha instance on a
server.

Having the files accessible directly through apache strikes me as problematic.
Adding an alias doesn't solve that really, and I don't think chmod 0644 will
either. For a simple example, what if someone uploads a PHP file and you have
mod_php enabled?

The patch has a lot of 'warn's in it, looks like debug code.

Most of the functions are undocumented, which is bad.

Putting HTML/Javascript in .pl files is something that should really really be
avoided, it's violating separation of concerns (I know that other parts of Koha
have that, that upsets me too :) It should be pushed into a template.

I note that you search through to find a free filename. I can't tell what the
base name will be (or perhaps it's provided by the uploader), but that a) risks
a (very unlikely) race condition, and b) could get slow if there are many
files. Perhaps include a timestamp as well?

If the OPAC is set so that it requires a valid login to access, then this will
still allow those files to be accessible, which is bad.
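
The filename race and the directory scan raised in the comment above can both be avoided by making the "is this name free" check and the file creation a single atomic step. The following is an added example, not code from the patch under review or from Koha. The helper name `store_upload` and the storage directory are assumptions, and the directory is assumed to sit outside anything Apache serves, so stored files are only reachable through a script that checks the login.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);
use File::Spec;

# Hypothetical helper, not part of Koha: store uploaded content under a
# server-chosen name. $dir is assumed to be outside any DocumentRoot or
# Alias, so a ".php" upload is never handed to mod_php.
sub store_upload {
    my ( $dir, $content ) = @_;

    for my $attempt ( 1 .. 10 ) {
        # Timestamp plus random suffix. The uploader's filename and
        # extension are never used on disk; keep them in the database.
        # rand() is not a secret source: uniqueness comes from O_EXCL.
        my $name = sprintf '%d-%08x%08x', time,
            int( rand( 2**32 ) ), int( rand( 2**32 ) );
        my $path = File::Spec->catfile( $dir, $name );

        # O_CREAT|O_EXCL fails with EEXIST if the name is taken, so two
        # concurrent uploads cannot claim the same file, and no scan of
        # existing files is needed however many there are.
        if ( sysopen( my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600 ) ) {
            binmode $fh;
            print {$fh} $content or die "write $path: $!";
            close $fh or die "close $path: $!";
            return $name;
        }
        die "create $path: $!" unless $!{EEXIST};    # retry only on collision
    }
    die "could not allocate a unique filename\n";
}

# Constructed sample input: a PHP-looking upload is stored without an
# extension, in a temporary directory standing in for the real store.
my $dir  = tempdir( CLEANUP => 1 );
my $name = store_upload( $dir, "<?php /* constructed sample */ ?>\n" );
print "stored as $name\n";
```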