[Pkg-mediawiki-devel] Bug#685324: Local File Inclusion Vulnerability in contrib script

Steven Chamberlain steven at pyro.eu.org
Tue Aug 21 22:41:43 UTC 2012


tags 685324 = security upstream patch
thanks

Bug affects an example script in the documentation only.

Untrusted paths are used by file() and opendir().  A patch committed
upstream tries to sanitise the inputs. [1]

But these and other user-supplied data are still echoed out unescaped,
so I think this would allow XSS if someone used the script on a
public-facing webserver.  The code looks like it might have all sorts of
other issues.

It seems obsoleted by cssgen2.php, which does not need to accept user
input at all.  That is distributed already in php-geshi 1.0.8.4-1.

So I suggest removing the cssgen.php file altogether.  Thank you.

[1]
http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/contrib/cssgen.php?r1=2507&r2=2506&pathrev=2507

Regards,
-- 
Steven Chamberlain
steven at pyro.eu.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug685324.patch
Type: text/x-patch
Size: 15254 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20120821/af1173dc/attachment.bin>
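
Added example, not part of the original message, the attached patch or GeSHi's own code: a minimal PHP sketch of the two defences the report touches on, confining a user-supplied file name to one directory before file() is called, and escaping user data before it is echoed. The helper names `resolve_inside()` and `h()` and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helper names, not taken from cssgen.php.

/**
 * Resolve a user-supplied name to a file inside $baseDir, or return null.
 * realpath() collapses "../" and symlinks, so the prefix check is made on
 * the canonical path rather than on the raw input string.
 */
function resolve_inside(string $baseDir, string $userName): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userName);
    if ($candidate === false) {
        return null; // path does not exist
    }
    // Trailing separator stops "/srv/geshi-evil" matching "/srv/geshi".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($candidate) ? $candidate : null;
}

/** Escape a value for HTML element or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo: a temp dir standing in for a language-file directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'php.php', "<?php // sample\n");

foreach (['php.php', '../../etc/passwd', '<script>alert(1)</script>'] as $input) {
    $path = resolve_inside($base, $input);
    if ($path === null) {
        // A rejected input is still untrusted when echoed back.
        echo '<p>Rejected: ', h($input), "</p>\n";
        continue;
    }
    echo '<p>', h($input), ': ', count(file($path)), " line(s)</p>\n";
}

unlink($base . DIRECTORY_SEPARATOR . 'php.php');
rmdir($base);
```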

