Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Rework the bug action group api such that we can easily convert this …
…to an object in the future, and to validate calls to require once. This leads to a security issue identified by IBM's Appscan program, whereby calls to require_once are not validated. Depending on webserver configuration, this is a file inclusion vulnerability. There will be a follow up commit to config api - probably: - if( $g_project_override != null ) { + if( $g_project_override != null && $p_project == null ) { At the moment, the action group API calls config_get with a project parameter to use. This is ignored, due to project_override being set - so we either need to: a) change project override within the command list function b) modifify config api to only use the project override *if* it is attempting to look up information on the default project.
- Loading branch information
Showing
8 changed files
with
36 additions
and
47 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters