Opened 16 years ago

Last modified 8 years ago

#2702 closed defect

path is leaking some sensitive infos — at Version 3

Reported by: anonymous Owned by: Christian Boos
Priority: normal Component: DoxygenPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description (last modified by Ryan J Ollos)

Hi,

I'm not sure what's the ?paht=/full/path/diclosure/bla.html good for.

In my opinion it's disclosing potentialy sensitive informations.

Cheers, /thorkill

--- simple fix

  • 0.10/doxygentrac/doxygentrac.py

     
    237237                              href=formatter.href.doxygen())
    238238            else:
    239239                return html.a(label, title=params,
    240                               href=formatter.href.doxygen(link, path=path))
     240                              href=formatter.href.doxygen(link))
    241241        yield ('doxygen', doxygen_link)
    242242
    243243    def get_wiki_syntax(self):

Change History (2)

comment:2 Changed 14 years ago by anonymous

Any plans to merge this in SVN?

comment:3 Changed 14 years ago by Ryan J Ollos

Description: modified (diff)
Note: See TracTickets for help on using tickets.