Details
- Bug
- Resolution: Obsolete
- Medium
- None
- 3.10.0, 3.9.4, 4.0.0alpha2
- None
Description
When no rewrite rule is set up and a user accesses the index_image scripts, a PHP warning is generated. This is a possible security problem if the server is not set up correctly (i.e. information leak).
Possible fix: test for the existence of $_SERVER['SCRIPT_URL'] before using it:
```php
if ( !isset( $_SERVER['SCRIPT_URL'] ) ) {
    _die( "Please use a virtual hosting setup to access this script.\n" );
}
$filename = ltrim( $_SERVER['SCRIPT_URL'], "/" );
```
(to be moved just before connection to database)
Alternative fix: use a different server variable instead of crapping out, but I do not see much of an advantage there, except for testing...
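Both fixes from the description combined in one guard, as an added example that is not part of the original report or of the eZ Publish code base. The function name `resolveRequestedFilename()`, the `REQUEST_URI` fallback, the `SCRIPT_NAME` self-reference check and the sample request arrays are assumptions made for illustration.

```php
<?php
// Added illustration; resolveRequestedFilename() and the sample arrays are hypothetical.

/**
 * Return the requested file name, or null when it cannot be determined.
 * No unset index is ever read, so a direct request cannot trigger a PHP
 * notice (and with it a path disclosure when display_errors is on).
 */
function resolveRequestedFilename(array $server): ?string
{
    if (isset($server['SCRIPT_URL']) && is_string($server['SCRIPT_URL'])) {
        // Proposed fix: only use SCRIPT_URL after checking that it exists.
        $path = $server['SCRIPT_URL'];
    } elseif (isset($server['REQUEST_URI']) && is_string($server['REQUEST_URI'])) {
        // Alternative fix: another server variable (assumed here: REQUEST_URI),
        // reduced to its path so the query string never reaches the lookup.
        $path = parse_url($server['REQUEST_URI'], PHP_URL_PATH);
        if (!is_string($path)) {
            return null;
        }
    } else {
        return null;
    }
    $filename = ltrim($path, '/');
    // Without a rewrite rule the path can be the script itself: not an image.
    $self = isset($server['SCRIPT_NAME']) ? ltrim((string) $server['SCRIPT_NAME'], '/') : '';
    if ($filename === '' || $filename === $self) {
        return null;
    }
    return $filename;
}

// Constructed sample request environments (not taken from a real server).
$samples = [
    'rewrite rule active' => ['SCRIPT_URL' => '/var/storage/images/logo.png'],
    'fallback variable'   => ['REQUEST_URI' => '/var/storage/images/logo.png?v=2'],
    'script hit directly' => ['REQUEST_URI' => '/index_image.php', 'SCRIPT_NAME' => '/index_image.php'],
    'nothing usable'      => [],
];
foreach ($samples as $label => $server) {
    $filename = resolveRequestedFilename($server);
    if ($filename === null) {
        // Detail goes to the server log; the client only sees a generic error.
        error_log("index_image: cannot determine requested file ($label)");
        echo "$label: 400 Bad Request\n";
        continue;
    }
    echo "$label: $filename\n";
}
```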
Issue Links
- is duplicated by
- EZP-14153 Cluster image handler not working when used with .htaccess
- Closed