Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Timesheets
Builds
Packages
Statistics
Child Projects
OneDev 10.9.4
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #484
Get Any File (#484)
Closed
Eric Dziewa opened 9 years ago
Due Date
2015-09-29

Works.

Not sure if allowing admin to leave tigase-server directory is a good idea ie. ../../../etc/passwd.
Daniel Wisnewski commented 9 years ago

Andrzej, are we okay with allowing directory navigation with this command?
Andrzej Wójcik (Tigase) commented 9 years ago

This commands are by default allowed to be executed only by server administrators, so I would say this is OK.

%kobit - do you agree?
Artur Hefczyc commented 9 years ago

I agree with Andrzej. An admin can even upload a new admin script which can do basically anything, so restricting directory navigation in this particular case does not help.
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Artur Hefczyc
RedmineID
3100
Version
tigase-server-7.1.0
Child Issue
Parent Issue
#468 Closed
HTTP Admin UI
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/server-core#484
Please wait...
Page is in error, reload to recover