forum.coppermine-gallery.net

Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: Andi on December 12, 2004, 07:18:45 pm

Title: small security problem in anycontent.php
Post by: Andi on December 12, 2004, 07:18:45 pm

Hi :)

if you open the file anycontent.php directly, the following message appears:

Quote

Fatal error: Call to undefined function starttable() in xxx\anycontent.php on line 32

Version:
anycontent.php,v 1.10 2004/09/25 19:09:40 caspershadow

Title: Re: small security problem in anycontent.php
Post by: Casper on December 12, 2004, 08:15:33 pm

Yes, but anycontent.php is not designed to be called directly.  It works fine when used as designed.

How is this a security problem?

Title: Re: small security problem in anycontent.php
Post by: Andi on December 12, 2004, 08:19:15 pm

Quote

How is this a security problem?

Hi :)

so called "full path disclosure"

Title: Re: small security problem in anycontent.php
Post by: kegobeer on December 12, 2004, 08:40:22 pm

Fixed easily enough with

Code: [Select]

if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');

Title: Re: small security problem in anycontent.php
Post by: Joachim Müller on December 14, 2004, 07:48:41 am

committed to devel branch.

Joachim