> Hi, Geoff and company.  I'm a bit concerned about the latest input parameters
> added to htsearch:
>
>         * htsearch/htsearch.cc (main): Add support for form inputs
>         configdir and commondir as contributed by Herbert Martin Dietze
>         <[EMAIL PROTECTED]>.
>
>         * htsearch/Display.cc (createURL): If configdir and commondir are
>         defined, add them to URLs sent for other pages.

I agree. These are serious security holes. What is accomplished by these
parameters can just as easily be accomplished by the allow_in_form parameter
and symbolic links in the conf directory.

+============================================
+ Benjamin Smedberg
+ CUA Asst. Webmaster
+ [EMAIL PROTECTED]
+============================================
+ http://www.acad.cua.edu/cpit/as/bds/
+ How to make God laugh: tell Him YOUR plans!
+============================================

------------------------------------
To unsubscribe from the htdig3-dev mailing list, send a message to
[EMAIL PROTECTED] containing the single word "unsubscribe" in
the SUBJECT of the message.
