Opened 16 years ago

Last modified 16 years ago

#1259 confirmed Bug

Perl connector does not conform to our standards

Reported by: Wiktor Walc Owned by:
Priority: Normal Milestone:
Component: Server : Perl Version:
Keywords: Cc:


Each connector uses it's own config file, perl's not. And correct me if I'm wrong, it contains a possible security hole here:

	if($FORM{'ServerPath'} ne "") {
		$GLOBALS{'UserFilesPath'} = $FORM{'ServerPath'};
		if(!($GLOBALS{'UserFilesPath'} =~ /\/$/)) {
			$GLOBALS{'UserFilesPath'} .= '/' ;
	} else {
		$GLOBALS{'UserFilesPath'} = '/userfiles/';

by sending malformed ServerPath we can make some bad things. I think that it would be good to adjust perl connector to our standards (so that ServerPath could be defined in cofig file, not as a part of url) and btw. it would be good to make it's own page in (Integration section).

Change History (2)

comment:1 Changed 16 years ago by Alfonso Martínez de Lizarrondo

Component: File BrowserServer : Perl

comment:2 Changed 16 years ago by Wojciech Olchawa

Keywords: Confirmed added
Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy