Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Direct access of a .php file may disclose full path (internal) #992

Closed
robocoder opened this issue Sep 20, 2009 · 0 comments
Closed

Direct access of a .php file may disclose full path (internal) #992

robocoder opened this issue Sep 20, 2009 · 0 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc. wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it.
Milestone

Comments

@robocoder
Copy link
Contributor

This applies to Files that:

  • require a file using a path not relative to the current directory
  • contain a class that extends an autoloaded class

This class of security vulnerability is invalid/bogus.

Users can:

  • run their web server in a chrooted jail, or
  • use bootstrap.php to relocate .php/.tpl files to a PIWIK_INCLUDE_PATH outside the public document root
@robocoder robocoder added this to the Piwik 0.4.4 milestone Jul 8, 2014
@mattab mattab added the wontfix label Aug 3, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc. wontfix If you can reproduce this issue, please reopen the issue or create a new one describing it.
Projects
None yet
Development

No branches or pull requests

2 participants