Modify ↓
#444 closed defect (fixed)
the cache directory is set to /tmptracrss , gives you apermission denied
Reported by: | Owned by: | Graeme Worthy | |
---|---|---|---|
Priority: | high | Component: | RssGetMacro |
Severity: | critical | Keywords: | rss macro |
Cc: | Trac Release: | 0.9 |
Description
change line 29 from CACHE_DIR = "/tmp"; to CACHE_DIR = "/tmp/";
otherwhise the cache dir is /tmptracrss and i get a permission denied from my webserver,
would be interesting, if i can upload a exloit with this plugin if i point it to a malicious rss feed, just how to execute it after, did you ever think about this ???
Attachments (0)
Change History (2)
comment:1 Changed 18 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 Changed 18 years ago by
This revision fixes the dir creation bug as well it adds escaping of content to minimise the possibility of malicious data
Note: See
TracTickets for help on using
tickets.
(In [965]) fixes #444