Opened 12 years ago

Closed 11 years ago

Last modified 10 years ago

#444 closed defect (fixed)

the cache directory is set to /tmptracrss, gives you a permission denied

Reported by: tat@…
Owned by: Graeme Worthy
Priority: high
Component: RssGetMacro
Severity: critical
Keywords: rss macro
Cc:
Trac Release: 0.9

Description

change line 29 from CACHE_DIR = "/tmp"; to CACHE_DIR = "/tmp/";

otherwise the cache dir is /tmptracrss and I get a permission denied from my webserver,

would be interesting, if I can upload an exploit with this plugin if I point it to a malicious rss feed, just how to execute it after, did you ever think about this ???

Attachments (0)

Change History (2)

comment:1 Changed 11 years ago by GraemeWorthy

Resolution: fixed
Status: new → closed

(In [965]) fixes #444

comment:2 Changed 11 years ago by GraemeWorthy

This revision fixes the dir creation bug; as well, it adds escaping of content to minimise the possibility of malicious data.
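
The two fixes named in this ticket (the missing path separator and the escaping of feed content), sketched as an added example that is not the RssGetMacro plugin's code and not part of the ticket. All function names are hypothetical, Python 3 is assumed, and the URL-hash file naming and link-scheme check are additions beyond what the ticket states.

```python
import hashlib
import html
import os
import tempfile

CACHE_BASE = "/tmp"      # value quoted in the ticket, no trailing slash
CACHE_NAME = "tracrss"   # directory name visible in the ticket's "/tmptracrss"


def cache_dir_concat(base=CACHE_BASE):
    """The reported bug: plain concatenation silently drops the separator."""
    return base + CACHE_NAME


def cache_dir_joined(base=CACHE_BASE):
    """os.path.join gives the same result with or without a trailing slash."""
    return os.path.join(base, CACHE_NAME)


def ensure_cache_dir(base):
    """Create the cache directory owner-only; refuse a symlink in its place."""
    path = cache_dir_joined(base)
    os.makedirs(path, mode=0o700, exist_ok=True)
    if os.path.islink(path) or not os.path.isdir(path):
        raise RuntimeError("cache path is not a real directory: %s" % path)
    return path


def cache_file_for(feed_url, base):
    """Name the cache file by a hash of the URL so the feed cannot pick the path."""
    digest = hashlib.sha256(feed_url.encode("utf-8")).hexdigest()
    return os.path.join(ensure_cache_dir(base), digest + ".xml")


def render_item(title, link):
    """Escape feed-supplied text before it is placed in the wiki page's HTML."""
    if not link.lower().startswith(("http://", "https://")):
        link = "#"  # assumption beyond the ticket: drop non-HTTP link schemes
    return '<a href="%s">%s</a>' % (html.escape(link, quote=True),
                                    html.escape(title))


if __name__ == "__main__":
    print(cache_dir_concat(), "vs", cache_dir_joined())
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample input below
        print(cache_file_for("http://feed.example/rss?f=../../x", tmp))
    print(render_item("<script>alert(1)</script>", "javascript:alert(1)"))
```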
