Opened 10 years ago

Closed 14 months ago

#951 closed defect (fixed)

Any file in the file system can be accessed via the Doxygen plugin

Reported by: alastair@…
Owned by: Christian Boos
Priority: highest
Component: DoxygenPlugin
Severity: major
Keywords:
Cc:
Trac Release: 0.10

Description

Similar to ticket #722, links to the DoxygenPlugin in wiki articles suffer the same issue of missing a trailing slash. I tried searching the Python source for a solution, but to no avail (I'm no Python coder!), and it only applies to pages that the plugin is unable to serve.

Additionally, I've found that in wiki links that are interpreted properly, the full filesystem location of the file to be served is present in the URL. Please can this be changed; after all, it doesn't happen if you visit the same pages by browsing through the links.

Attachments (0)

Change History (9)

comment:1 Changed 10 years ago by Radek Bartoň

Owner: changed from Radek Bartoň to Christian Boos

You obviously meant ticket #772. DoxygenPlugin is currently developed by cboos, so I'm reassigning this ticket to him. But IMHO it is a duplicate and this information should be appended to #772.

comment:2 Changed 10 years ago by Christian Boos

Ack, but unfortunately these days I've been too busy with Trac itself. Patches welcomed ;)

The DoxygenPlugin is now also getting higher on my TODO list as I want to migrate it to 0.11. Before that, I'll try to close existing issues.

comment:3 Changed 10 years ago by marko@…

Priority: changed from high to highest
Severity: changed from major to blocker
Summary: changed from "Wrong link path in Wiki links and filesystem location of doc in URL" to "Any file in the file system can be accessed via the Doxygen plugin"

There is a *huge* security vulnerability in the "path" GET parameter described in this ticket.

You can replace the absolute path shown with, say, /etc/passwd and receive a copy of that file.

comment:4 Changed 10 years ago by Christian Boos

Status: changed from new to assigned

#1212 also urges about this...

comment:5 Changed 10 years ago by Christian Boos

r1983 should fix this, please test.

Problem is, that plugin really needs a rewrite, maybe I'll do it when porting to 0.11...

comment:6 Changed 8 years ago by anonymous

Update please. Is it fixed in 0.11?

comment:7 Changed 7 years ago by slick666

Looking for update to this. Is this not that serious of an issue?

comment:8 Changed 7 years ago by Christian Boos

Severity: changed from blocker to major

I never got a reply to comment:5 ... for me the issue was fixed.

So if someone has an issue with this plugin, he's welcome to contribute patches. After all, that's how I came up there, I wanted to use that plugin, realized it was not working as well as I expected, contributed a few patches for fixing several issues, and made some improvements like the 0.11 port. Anyone is welcomed to do the same.

comment:9 Changed 14 months ago by Committo-Ergo-Sum

Resolution: set to fixed
Status: changed from assigned to closed

In 15358:

DoxygenPlugin: new implementation of IRequestHandler methods. In particular, the "path" parameter in the query-string is dropped. This fixes #772 #951 #962 #1564 and #2702 who complain about the security vulnerability it may contain, and other wrong path generations.
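
Added example (not the DoxygenPlugin's code and not the change in 15358): comment:3 describes a "path" query parameter whose value names the file to serve. The Python below contrasts that pattern with resolving a relative request under a fixed documentation root; the function names, directory layout and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

class PathEscape(Exception):
    """The request resolves to a file outside the documentation root."""

def resolve_unsafe(path_param):
    # Pattern reported in comment:3: the query-string value is itself the
    # file to serve, so the client chooses any file the server can read.
    return path_param

def resolve_confined(doc_root, request_path):
    """Map a client-supplied relative path to a file under doc_root."""
    root = os.path.realpath(doc_root)
    # Strip leading slashes so an absolute path cannot replace the root
    # when the two are joined.
    candidate = os.path.realpath(os.path.join(root, request_path.lstrip("/")))
    # realpath has collapsed ".." and followed symlinks; the result must
    # still sit below the root.
    if os.path.commonpath([root, candidate]) != root:
        raise PathEscape(request_path)
    if not os.path.isfile(candidate):
        raise FileNotFoundError(request_path)
    return candidate

def demo():
    """Run constructed requests against a temporary tree; return outcomes."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        doc_root = os.path.join(tmp, "doxygen", "html")  # assumed layout
        os.makedirs(doc_root)
        secret = os.path.join(tmp, "secret.txt")  # stands in for /etc/passwd
        for name in (os.path.join(doc_root, "index.html"), secret):
            with open(name, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(secret, os.path.join(doc_root, "link.html"))
        requests = {"plain": "index.html", "dotdot": "../../secret.txt",
                    "absolute": secret, "symlink": "link.html"}
        for label, req in requests.items():
            try:
                resolve_confined(doc_root, req)
                outcomes[label] = "served"
            except PathEscape:
                outcomes[label] = "rejected"
            except FileNotFoundError:
                outcomes[label] = "not found"
        outcomes["unsafe_absolute"] = resolve_unsafe(secret) == secret
    return outcomes

if __name__ == "__main__":
    print(demo())
```

The symlink case is why the containment check runs on the resolved path rather than on the string the client sent.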
