From: Damien R. <dam...@me...> - 2011-08-11 18:03:16
On 08/11/2011 12:31 PM, David Hicks wrote:
> Agreed with adding an is_readable check.
> However I think a second check
> for permissions would be better than merging it with the existing is_dir
> check. The reason being that users will at least know whether it's a
> problem with symlinks/whatever other interesting directory paths they're
> using vs. a permissions issue on the final path.
> patch doesn't appear to
> properly escape configuration values before printing them to the user.
> htmlspecialchars() is probably needed in this instance - and any other
> instance where we take configuration values, user supplied or stored
> data, etc and dump it to the screen.

Will make the changes when I get back from vacation :-)

Thanks for your feedback.

Damien
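The two review points in the message above (a separate is_readable check after is_dir, and htmlspecialchars() on configuration values before they are printed), shown as an added example that is not part of the original thread or the patch under discussion. The function names, the setting name 'upload_path' and the sample paths are assumptions made for illustration.

```php
<?php
// Added illustration; check_dir_setting(), esc() and 'upload_path' are hypothetical names.

// Escape any value that ends up in HTML output, including admin-supplied configuration.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns null when the directory is usable, otherwise an HTML-safe message.
// The two failure modes are reported separately so the user can tell a wrong
// path (or broken symlink) apart from a permissions problem on the final path.
function check_dir_setting(string $name, string $path): ?string
{
    if (!is_dir($path)) {
        return sprintf(
            'Setting "%s": "%s" is not a directory (check the path and any symlinks).',
            esc($name),
            esc($path)
        );
    }
    if (!is_readable($path)) {
        return sprintf(
            'Setting "%s": "%s" is a directory but is not readable (check permissions).',
            esc($name),
            esc($path)
        );
    }
    return null;
}

// Constructed sample values: one usable directory, one bogus value containing markup.
$samples = [
    sys_get_temp_dir(),
    '/nonexistent/<script>alert(1)</script>',
];

foreach ($samples as $path) {
    $error = check_dir_setting('upload_path', $path);
    // The bogus value is printed with &lt;script&gt; instead of live markup.
    echo ($error ?? 'Setting "upload_path": OK'), "\n";
}
```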