Miklos Vajna wrote:
On Mon, Jul 14, 2008 at 08:40:28PM +0200, Christian Perrier [EMAIL
PROTECTED] wrote:
When running Pootle as a non privileged user, these secret files
will remain protected (unless of course they're world-readable).
Only admin can change the project settings, and so every user
cannot do this.
Moeover the system will only index and display .po and
.xlf files, so even if user is providing a link to /etc, nothing will
be displayed if that directory don't have any .po/.xlf files
I think it's a bug if a user can read every file the pootle user can.
Think of /etc/passwd and such files.
While the fact that the pootle user can read it is not a problem, if an
anonymous user can, that's heavily problematic IMHO.
-
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
___
Translate-pootle mailing list
Translate-pootle@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/translate-pootle
-
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
___
Translate-pootle mailing list
Translate-pootle@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/translate-pootle