[RCD] /bin utilities

Kris Steinhoff steinhof at umich.edu
Tue Dec 9 20:40:32 CET 2008

While it is still unclear whether or not there is a problem with 
bin/html2text.php (http://trac.roundcube.net/ticket/1485618), maybe it's worth 
considering adding session checking to all of the utilities in the bin 
directory. If a vulnerability exists in a utility, then having a session check 
will limit or complicate its exploitation.

The way quotaimg.php was doing session checking could be used in the other 
utilities. (quotaimg.php's session checking was removed in October: 


Kris Steinhoff
ITCS Web/DB Production Team
The University of Michigan
List info: http://lists.roundcube.net/dev/

More information about the Dev mailing list