http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629
--- Comment #18 from Chris Cormack <[email protected]> 2011-11-25 18:16:25 UTC --- The patch as its stands prevents file traversal, you could only read a file in the current dir with it, but yes you are right g is better. It turns out master and 3.6 are not vulnerable anyway, as if the value of $lang does not match a valid lanuage, it is made undef. So I will do new patches for 3.2.x and 3.4.x So to be clear on 3.4.6 and lower are vulnerable. 3.6.0 and master are not. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
