Opened 7 years ago

Last modified 4 years ago

#2702 new defect

path is leaking some sensitive infos

Reported by: anonymous Owned by: cboos
Priority: normal Component: DoxygenPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description (last modified by rjollos)


I'm not sure what's the ?paht=/full/path/diclosure/bla.html good for.

In my opinion it's disclosing potentialy sensitive informations.


--- simple fix

  • 0.10/doxygentrac/

    237237                              href=formatter.href.doxygen()) 
    238238            else: 
    239239                return html.a(label, title=params, 
    240                               href=formatter.href.doxygen(link, path=path)) 
     240                              href=formatter.href.doxygen(link)) 
    241241        yield ('doxygen', doxygen_link) 
    243243    def get_wiki_syntax(self): 

Attachments (0)

Change History (2)

comment:2 Changed 5 years ago by anonymous

Any plans to merge this in SVN?

comment:3 Changed 4 years ago by rjollos

  • Description modified (diff)

Add Comment

Modify Ticket

as new .

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.