Tigase Forge
Dashboards
Projects
Global Views
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
OneDev 11.9.7
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #484
Get Any File (#484)
Eric Dziewa opened 1 decade ago
Due Date
2015-09-29

Works.

Not sure if allowing admin to leave tigase-server directory is a good idea ie. ../../../etc/passwd.

  • Daniel Wisnewski commented 1 decade ago

    Andrzej, are we okay with allowing directory navigation with this command?

  • Andrzej Wójcik (Tigase) commented 1 decade ago

    This commands are by default allowed to be executed only by server administrators, so I would say this is OK.

    %kobit - do you agree?

  • Artur Hefczyc commented 1 decade ago

    I agree with Andrzej. An admin can even upload a new admin script which can do basically anything, so restricting directory navigation in this particular case does not help.

issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Artur Hefczyc
RedmineID
3100
Version
tigase-server-7.1.0
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/server-core#484
Please wait...
Page is in error, reload to recover