Miklos Vajna wrote:
> On Mon, Jul 14, 2008 at 08:40:28PM +0200, Christian Perrier <[EMAIL PROTECTED]> wrote:
>
>> When running Pootle as a non privileged user, these "secret" files
>> will remain protected (unless of course they're world-readable....).
>
Only admin can change the project settings, and so every user cannot do this. Moreover the system will only index and display .po and .xlf files, so even if user is providing a link to /etc, nothing will be displayed if that directory doesn't have any .po/.xlf files.

> I think it's a bug if a user can read every file the pootle user can.
> Think of /etc/passwd and such files.
>
> While the fact that the pootle user can read it is not a problem, if an
> anonymous user can, that's heavily problematic IMHO.

_______________________________________________
Translate-pootle mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/translate-pootle
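
The two controls discussed in this thread, as an added example (not Pootle's code and not written by either poster): a configured project directory is confined to a base directory before anything is listed, and only .po/.xlf entries are returned. The function names and the `projects` base directory are assumptions made for illustration.

```python
import os
import tempfile

ALLOWED_EXTENSIONS = (".po", ".xlf")  # the two file types named in the thread


def resolve_project_dir(base_dir, requested):
    """Return the real path of `requested` if it lies under base_dir, else None."""
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when `requested` is absolute, so the
    # containment check below is what rejects a value such as "/etc".
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def list_translation_files(base_dir, requested):
    """List .po/.xlf files of a project, refusing directories outside base_dir."""
    project = resolve_project_dir(base_dir, requested)
    if project is None or not os.path.isdir(project):
        return []
    found = []
    for name in sorted(os.listdir(project)):
        path = os.path.realpath(os.path.join(project, name))
        # Resolve links first, then require the entry to stay inside the project.
        if (name.endswith(ALLOWED_EXTENSIONS) and os.path.isfile(path)
                and os.path.commonpath([project, path]) == project):
            found.append(name)
    return found


def demo():
    """Constructed sample tree: one project holding a .po, a .xlf and a README."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "projects")  # hypothetical base directory
        os.makedirs(os.path.join(base, "demo"))
        for name in ("de.po", "fr.xlf", "README"):
            open(os.path.join(base, "demo", name), "w").close()
        return {
            "inside": list_translation_files(base, "demo"),
            "absolute": list_translation_files(base, "/etc"),
            "dotdot": list_translation_files(base, "../.."),
        }


if __name__ == "__main__":
    print(demo())
```
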
