[RCD] /bin utilities

9 Dec 2008


      While it is still unclear whether or not there is a problem with 
bin/html2text.php (http://trac.roundcube.net/ticket/1485618), maybe it's worth 
considering adding session checking to all of the utilities in the bin 
directory. If a vulnerability exists in a utility, then having a session check 
will limit or complicate its exploitation.
The way quotaimg.php was doing session checking could be used in the other 
utilities. (quotaimg.php's session checking was removed in October: 
http://trac.roundcube.net/changeset/2012).
-kris
-- 
Kris Steinhoff
ITCS Web/DB Production Team
The University of Michigan
_______________________________________________
List info: http://lists.roundcube.net/dev/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[RCD] /bin utilities