Unfortunately, phpix2 contains the same security vulnerability as the original phpix. A creative editing of the URL (replacing the picturename with "../") allows any viewer to traverse the directory path up.
I've submitted a security patch for this problem on phpix in early October. To find my patch, check under patches in the original phpix project (http://sourceforge.net/bugs/?group_id=11593).
regards,
Heiko
Anonymous - 2001-01-06
Well that won't do.
I've got a fix in that I'll upload right away as pre2.
Thanks, Heiko. Your other suggestions are good too, but this one deserves an immediate response.
Neale,
thanks for the quick action!
regards,
Heiko
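The "../" traversal reported in the first post can be blocked with a containment check on the resolved path. The following is an added example, not phpix or phpix2 code and not the patch mentioned in the thread; the function name `resolve_picture`, the directory layout and the sample names are assumptions constructed for the demo.

```php
<?php
// Added example; not phpix code. All names and paths here are hypothetical.

// Resolve a user-supplied picture name inside $albumRoot. Returns the
// canonical path, or null when it escapes the root or is not a regular file.
function resolve_picture(string $albumRoot, string $picture): ?string
{
    // A NUL byte has no place in a file name; refuse it outright.
    if (strpos($picture, "\0") !== false) {
        return null;
    }
    $root = realpath($albumRoot);
    if ($root === false) {
        return null;
    }
    // realpath() collapses "../", "./" and symlinks, and returns false
    // when the target does not exist.
    $full = realpath($root . DIRECTORY_SEPARATOR . $picture);
    if ($full === false) {
        return null;
    }
    // Compare against the root plus a trailing separator, so a sibling
    // such as "albums-private" does not pass as being inside "albums".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed demo tree under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'albumdemo_' . getmypid();
mkdir($base . '/albums/holiday', 0700, true);
mkdir($base . '/albums-private', 0700, true);
file_put_contents($base . '/albums/holiday/beach.jpg', 'x');
file_put_contents($base . '/albums-private/secret.jpg', 'x');
file_put_contents($base . '/config.txt', 'x');

// Constructed request values, as they might arrive in the picture parameter.
$requests = ['holiday/beach.jpg', '../', '../config.txt',
             'holiday/../../config.txt', '../albums-private/secret.jpg'];
foreach ($requests as $name) {
    $path = resolve_picture($base . '/albums', $name);
    printf("%-30s %s\n", $name, $path === null ? 'rejected' : 'served');
}
```

Only the first request resolves to a file under the album root; the others are rejected because their canonical path falls outside it.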