#1212 closed enhancement (duplicate)
Security issue allowing to download files of the server running trac
| Reported by: | Daniel Werner | Owned by: | Radek Bartoň |
|---|---|---|---|
| Priority: | highest | Component: | DoxygenPlugin |
| Severity: | critical | Keywords: | security |
| Cc: | Trac Release: | 0.10 |
Description
By entering any path and a corresponding file after any of the html files generated by Doxygen in the following url:
http://tracServer/projects/oneProject/doxygen/html/index.html?path=%2fpath%2fto%2fa%2ffile
it allows to download this specified file which is a big security issue.
Attachments (0)
Change History (8)
comment:1 Changed 18 years ago by
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
comment:3 Changed 18 years ago by
comment:4 follow-up: 7 Changed 18 years ago by
Are you sure you cleared the web browser cache?
Try with another file (never downloaded so far), just to be sure.
comment:5 Changed 18 years ago by
arghl!.. can't test it right now! We will have to wait Monday ! :)
comment:7 follow-up: 8 Changed 18 years ago by
Replying to cboos:
Are you sure you cleared the web browser cache?
Try with another file (never downloaded so far), just to be sure.
Actually it did not solve the problem on my installation. I tried with a never downloaded file and I still could download it.. Dunno why!?
comment:8 Changed 18 years ago by
Replying to Daniel Werner <dwarf007 ... moesbar ... net>:
Actually it did not solve the problem on my installation. I tried with a never downloaded file and I still could download it.. Dunno why!?
sorry... I reinstalled it properly from the svn repository and it worked. Must have done something wrong the last time.
Already reported in #951, yes I know, I'm really lousy with that one :(
A patch would help...