[ic] Re: Security hole in IC admin
Oops. I made a mistake in one of the patches. Using the localization
function errmsg() in do_view works in 4.7.x, but in 4.6.x it generates an
error. (The function was not imported into the current package namespace.)
This error still keeps the file from being displayed, but it's not ideal.
A better patch follows. Sorry about that.
Jon
Index: do_view.html
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/pages/admin/do_view.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- do_view.html 2000/08/05 13:55:37 1.2
+++ do_view.html 2001/04/14 22:28:29 1.3
@@ -1,6 +1,10 @@
[seti total_junk][perl]
delete $Scratch->{violation};
$_ = delete $Session->{arg};
+ $Scratch->{violation} = 'Must be logged in.'
+ unless $Session->{logged_in};
+ $Scratch->{violation} = 'Must be logged in as admin.'
+ unless $Session->{admin};
$Scratch->{violation} = 'No .. allowed in file name.'
if m{\.\./};
$Scratch->{violation} = 'No | allowed.'
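
Review bot: In the four added lines, the two checks assign to the same `$Scratch->{violation}` independently, so a session with neither `logged_in` nor `admin` set ends up with 'Must be logged in as admin.' and the 'Must be logged in.' message is never the one reported; the unchanged `..` and `|` checks that follow can overwrite it again. That is harmless only if the code after this hunk refuses on any non-empty violation, which is not visible here. Consider stopping at the first failed check, or testing `admin` only when `logged_in` is true, so the authorization result cannot be masked by a later filename message and the request argument is not examined at all for an unauthenticated session. A short comment noting that the messages are plain strings because errmsg() is not imported in 4.6.x would also help the next reader.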
_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users