The vulnerability does NOT exist in eGroupWare, as the code does NOT get
called:
// finally our print our footer
if (is_object($GLOBALS['egw'])) {
$GLOBALS['egw']->common->egw_footer();
} else {
require_once(APP_ROOT . '/includes/system_footer.php');
}
include/system_footer.php also prevents direct calling via the URL.
So I can only second Peters opinion that the fix is not necessary,
thought it does not hurt, as the (fixed) code never get's called in eGW.
Ralf
eGroupWare developer and admin
--
Ralf Becker
eGroupWare Training & Support ==> http://www.egroupware-support.de
Outdoor Unlimited Training GmbH [www.outdoor-training.de]
Handelsregister HRB Kaiserslautern 3587
Geschäftsführer Birgit und Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Telefon +49 (0)631 31657-0
