You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because the script allow opening/viewing itself, if the script is located in $root_path a read only user can read credentials of others users (in $auth_users configuration variable) and then gain write access.
Proposition: add an option to disallow the script to view itself.
The text was updated successfully, but these errors were encountered:
C-Duv
changed the title
Script allow readonly users to read credentials of other users
Script allows read-only users to read credentials of other users
Jun 15, 2017
This filemanager was created as developer tool. And I'm planning to remove some features which not usable for me as developer: hiding hidden files, readonly users etc.
Please use elFinder if you want to give access to unreliable users. Or fork this repo and create new features.
Because the script allow opening/viewing itself, if the script is located in
$root_path
a read only user can read credentials of others users (in$auth_users
configuration variable) and then gain write access.Proposition: add an option to disallow the script to view itself.
The text was updated successfully, but these errors were encountered: