r3 - 13 Feb 2006 - 12:39:17 - CrawfordCurrieYou are here: TWiki > 
Codev Web > ViewfileDoesntCheckPermissions
Codev Web > ViewfileDoesntCheckPermissionsTags:
Bug: viewfile does not check permissions
AFAICT the shippedviewfile script does not check permissions. This means that a footpad who knew the name of an attachment to a secured topic can access it. Worse, if the filename parameter is not passed, the footpad can get a listing of the pub directory for that topic.
-- CrawfordCurrie - 03 Dec 2004
Fixed in Dakar.
-
Codev Web
-
Readme first
-
Developers News
-
Changes
-
Major Only
- All Webs
-
RSS Feed
-
Search
- Advanced
-
Topics of interest
-
Categories
-
All tags / My tags
Create New Topic
Georgetown
TWiki 4.2.0- TWiki community
- TWiki marketing
- TWiki advocacy
- TWiki deployment
- Dev questions
- TWiki competition
- Usability
- Security
- Community
- How you can help
- Community roles
-
Answer Support questions
- Community
- #twiki (IRC)
- — logs
- Meet others
- Webs
-
Blog
- Codev
- Main
- Plugins
- Sandbox
- Support
- TWiki
- TWiki01
- TWiki02
- TWiki03
- TWiki04
- TWiki04x01
- TWiki04x02
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback