Red Hat Linux
Click URL instructions:
Right-click on ad, choose "Copy Link", then paste here →
(This may not be possible with some types of ads)
You seem to have CSS turned off.
Please don't fill out this field.
Briefly describe the problem (required):
Please provide the ad click URL, if possible:
Is the following a known problem?
Looking into the current CVS, I cannot see any pathname checking. Using t=
template editor, any user with tiki_p_edit_templates can read any file on=
system hosting the tiki.
I believe, tiki should at least check the effective pathname=20
(http://www.php.net/manual/en/function.realpath.php) to be below=20
DOCUMENT_ROOT, if now below tiki root or even to be below template root (=
Sign up for the SourceForge newsletter: