•  
      request #10577 Codendi_File class exposes unsecure methods
    Infos
    #10577
    Thomas Gerbet (tgerbet)
    2017-08-23 17:45
    2017-08-18 15:15
    10819
    Details
    Codendi_File class exposes unsecure methods
    The methods exposed by this class could lead to shell injections.
    Other
    All
    Empty
    • [ ] enhancement
    • [x] internal improvement
    Empty
    Stage
    Empty
    Closed
    2017-08-18
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2017-08-18 15:30
    In fact these methods are indirectly used. I'm just going to fix the potential security issues.

    The semi-dependency there is on PEAR HTTP_Download should probably be dropped in the (not too far) future. It's not maintained anymore and the code will probably not run properly on recent PHP version.

    • Summary
      -Remove insecure method exposed by the Codendi_File class 
      +Codendi_File class exposes unsecure methods 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes