Modify

Opened 9 years ago

Closed 8 years ago

Last modified 7 years ago

#444 closed defect (fixed)

the cache directory is set to /tmptracrss , gives you apermission denied

Reported by: tat@… Owned by: Graeme Worthy
Priority: high Component: RssGetMacro
Severity: critical Keywords: rss macro
Cc: Trac Release: 0.9

Description

change line 29 from CACHE_DIR = "/tmp"; to CACHE_DIR = "/tmp/";

otherwhise the cache dir is /tmptracrss and i get a permission denied from my webserver,

would be interesting, if i can upload a exloit with this plugin if i point it to a malicious rss feed, just how to execute it after, did you ever think about this ???

Attachments (0)

Change History (2)

comment:1 Changed 8 years ago by GraemeWorthy

  • Resolution set to fixed
  • Status changed from new to closed

(In [965]) fixes #444

comment:2 Changed 8 years ago by GraemeWorthy

This revision fixes the dir creation bug as well it adds escaping of content to minimise the possibility of malicious data

Add Comment

Modify Ticket

Action
as closed The owner will remain Graeme Worthy.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.