[koha-commits] main Koha release repository branch new/bug_6628 created. v3.06.00-84-g8664d19
Git repo owner
gitmaster at git.koha-community.org
Mon Nov 28 10:07:08 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, new/bug_6628 has been created
at 8664d195671c1a65af7b205b14099c1581c0500b (commit)
- Log -----------------------------------------------------------------
commit 8664d195671c1a65af7b205b14099c1581c0500b
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Sat Nov 26 07:39:51 2011 +1300
Bug 6628 : Stopping a potential vulnerability
Signed-off-by: Frère Sébastien Marie <semarie-koha at latrappe.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
- verified help pages still work
- verified /cgi-bin/koha/help.pl?url=koha/../catalogue/advsearch.pl does not
show the template file (did work on master, not after applying patch)
- verified cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl does not work (didn't work on master or after applying patch)
Signed-off-by: Paul Poulain <paul.poulain at biblibre.com>
The potential vulnerability would allow anyone to see the content of any .tt file, and .tt only. Was much less critical than the vulnerability for 6629, but it's worth fixing !
-----------------------------------------------------------------------
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list