| View Issue Details [ Jump to Notes ] | [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0010916 | CDash | | public | 2010-06-30 05:53 | 2010-10-28 05:53 |
|
| Reporter | Michal Cihar | |
| Assigned To | Julien Jomier | |
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | 1.7 | |
| Target Version | | Fixed in Version | 1.8 | |
|
| Summary | 0010916: Fails to escape build name |
| Description | If build name contains slash, the upload to CDash fails, because it attempts to store file with name containing slash:
Deprecated: Function ereg() is deprecated in cdash/ctestparser.php on line 57
Warning: fopen(backup/Gammu_rincewind_Debian/x86_64/WITH_AT_SUPPORT-OFF_20100630-0937-Experimental_127789108352_Configure.xml): failed to open stream: No such file or directory in cdash/ctestparser.php on line 164
Cannot open file (backup/Gammu_rincewind_Debian/x86_64/WITH_AT_SUPPORT-OFF_20100630-0937-Experimental_127789108352_Configure.xml)
|
| Additional Information | More importantly, adding .. to build name could lead to escaping from backup directory and to overwriting arbitrary files on the disk, what is clearly a security issue. |
| Tags | No tags attached. |
|
| Attached Files | |
|