#35 ✓resolved
Fabrice Luraine

Security issue in render_file

Reported by Fabrice Luraine | November 30th, 2009 @ 09:42 AM

render_file allows accessing any files from outside public folder using ../.
Can be solved with a quick fic by stripping those ../

I plan to add an improved security policy with a safe_dir option.

(Thx to Zncdr who reported that issue)

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Limonade is a PHP micro-framework.

People watching this ticket


Referenced by