[ https://issues.apache.org/jira/browse/SHINDIG-5?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12557398#action_12557398 ]
Kevin Brown commented on SHINDIG-5:
-----------------------------------
$_SERVER['HTTP_HOST'] is also exploitable because HTTP_HOST actually comes from
the HTTP Host header, which is sent by the client. It's probably not a big deal
in this particular case, but it's something to watch out for.
> Missing /xn directory for PHP implementation
> --------------------------------------------
>
> Key: SHINDIG-5
> URL: https://issues.apache.org/jira/browse/SHINDIG-5
> Project: Shindig
> Issue Type: Bug
> Reporter: Martin Webb
>
> On line 376 of ./php/container.php there is a reference to an /xn directory:
> $request = do_curl_request("http://" . $_SERVER['HTTP_HOST'] .
> "/xn/rest/1.0/profile:" . $screenName .
> "/contact(relationship='friend'&onNing='true')?begin=0&end=25&xn_auth=no");
> Missing reference implementation.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
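
The point raised in the comment above, as an added example that is not part of the original message or of Shindig's code: the Host header is checked against a configured allowlist before it is used to build the server-side request URL. The function names `trusted_host()` and `build_contacts_url()`, the allowlist, and the sample values are hypothetical; encoding `$screenName` assumes it may also be request-derived.

```php
<?php
// Added illustration; not Shindig code. Names and the allowlist are hypothetical.

/**
 * Return the Host header value only if it exactly matches a configured host,
 * otherwise null. The header is sent by the client, so it is treated as input.
 */
function trusted_host(?string $hostHeader, array $allowedHosts): ?string
{
    if ($hostHeader === null) {
        return null;
    }
    $host = strtolower(trim($hostHeader));
    // Accept only a bare hostname with an optional port: no "@", "/",
    // whitespace or CR/LF. The D modifier stops "$" matching before a newline.
    if (!preg_match('/^[a-z0-9.-]+(:\d{1,5})?$/D', $host)) {
        return null;
    }
    return in_array($host, $allowedHosts, true) ? $host : null;
}

/** Build the contacts URL quoted in the issue, or null if the host is not trusted. */
function build_contacts_url(?string $hostHeader, string $screenName, array $allowedHosts): ?string
{
    $host = trusted_host($hostHeader, $allowedHosts);
    if ($host === null) {
        return null;
    }
    // Assumption: $screenName may be request-derived, so encode it as a path segment.
    return 'http://' . $host
        . '/xn/rest/1.0/profile:' . rawurlencode($screenName)
        . "/contact(relationship='friend'&onNing='true')?begin=0&end=25&xn_auth=no";
}

// Constructed sample values.
$allowed = ['container.example.org', 'container.example.org:8080'];
$samples = [
    'container.example.org',                    // accepted
    'Container.Example.Org:8080',               // accepted after lowercasing
    'other.example.net',                        // rejected: not configured
    'container.example.org@other.example.net',  // rejected: contains "@"
    "container.example.org\r\nX-Extra: 1",      // rejected: contains CR/LF
];
foreach ($samples as $h) {
    $url = build_contacts_url($h, 'martin', $allowed);
    echo json_encode($h), ' => ', $url ?? 'REJECTED', PHP_EOL;
}
```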