Context Navigation

Modify ↓

#444 closed defect (fixed)

the cache directory is set to /tmptracrss , gives you apermission denied

Reported by:	tat@…	Owned by:	Graeme Worthy
Priority:	high	Component:	RssGetMacro
Severity:	critical	Keywords:	rss macro
Cc:		Trac Release:	0.9

Description

change line 29 from CACHE_DIR = "/tmp"; to CACHE_DIR = "/tmp/";

otherwhise the cache dir is /tmptracrss and i get a permission denied from my webserver,

would be interesting, if i can upload a exloit with this plugin if i point it to a malicious rss feed, just how to execute it after, did you ever think about this ???

Attachments (0)

Change History (2)

comment:1 Changed 18 years ago by GraemeWorthy

Resolution:	→ fixed
Status:	new → closed

(In [965]) fixes #444

comment:2 Changed 18 years ago by GraemeWorthy

This revision fixes the dir creation bug as well it adds escaping of content to minimise the possibility of malicious data

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Graeme Worthy.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: