[RCD] /bin utilities

Kris Steinhoff steinhof at umich.edu
Tue Dec 9 20:40:32 CET 2008


While it is still unclear whether or not there is a problem with 
bin/html2text.php (http://trac.roundcube.net/ticket/1485618), maybe it's worth 
considering adding session checking to all of the utilities in the bin 
directory. If a vulnerability exists in a utility, then having a session check 
will limit or complicate its exploitation.

The way quotaimg.php was doing session checking could be used in the other 
utilities. (quotaimg.php's session checking was removed in October: 
http://trac.roundcube.net/changeset/2012).

-kris


-- 
Kris Steinhoff
ITCS Web/DB Production Team
The University of Michigan
_______________________________________________
List info: http://lists.roundcube.net/dev/


