[
https://issues.apache.org/jira/browse/VCL-809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14699788#comment-14699788
]
ASF subversion and git services commented on VCL-809:
-----------------------------------------------------
Commit 1696318 from [~jfthomps] in branch 'vcl/trunk'
[ https://svn.apache.org/r1696318 ]
VCL-809 - Information disclosure when accessing page you don't have access to
utils.php:
-modified initGlobals: if user is authed and mode is selectauth, set $mode to
"main" (we were setting it to "home"); also added check that if $mode doesn't
exist in $actions['pages'], set $mode to "main"
-modified menulistLI: if $mymode is empty, set $mode to "main" (we were setting
it to "home")
> Information disclosure when accessing page you don't have access to
> -------------------------------------------------------------------
>
> Key: VCL-809
> URL: https://issues.apache.org/jira/browse/VCL-809
> Project: VCL
> Issue Type: Bug
> Components: web gui (frontend)
> Affects Versions: 2.3.2
> Reporter: Karl Vollmer
> Priority: Minor
> Fix For: 2.5
>
>
> visit index.php?mode=dashboard as someone who doesn't have access and you get
> Notice: Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on line
> 10195 Notice: Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on
> line 10195 Notice: Undefined index: home in
> /var/www/html/vcl/.ht-inc/utils.php on line 10195 Notice: Undefined index:
> home in /var/www/html/vcl/.ht-inc/utils.php on line 10195 Notice: Undefined
> index: home in /var/www/html/vcl/.ht-inc/utils.php on line 10195 Notice:
> Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on line 10195
> Notice: Undefined index: home in /var/www/html/vcl/.ht-inc/utils.php on line
> 10195
> which discloses the location of the files on your webserver,
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
