Please sign in to comment.
Bug 6628 : Stopping a potential vulnerability
Signed-off-by: Frère Sébastien Marie <email@example.com> Signed-off-by: Katrin Fischer <Katrin.Fischer.firstname.lastname@example.org> - verified help pages still work - verified /cgi-bin/koha/help.pl?url=koha/../catalogue/advsearch.pl does not show the template file (did work on master, not after applying patch) - verified cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl does not work (didn't work on master or after applying patch) Signed-off-by: Paul Poulain <email@example.com> The potential vulnerability would allow anyone to see the content of any .tt file, and .tt only. Was much less critical than the vulnerability for 6629, but it's worth fixing !
- Loading branch information...