[geeklog-devel] 1.5 Installer stuff
joe at ThrowingDice.com
Fri Oct 12 02:08:41 EDT 2007
At 11:06 PM 10/11/2007, Blaine Lang wrote:
>Joe Mucchiello wrote:
>It may be just late for me but I will ask the question anyways.
>What vulnerability does the above create - as this is very different
>than a remote file include vulnerability. If someone wants to run
>english.php and change $_CONF['site_admin_url'] - what are they
>going to harm or see happen?
I don't claim there is a current vulnerability. I'm just saying that
now there is the potential for code to run in language files. Today
it's just a function call. Who knows what someone might be able to
make that do at some point in the future. It doesn't hurt to add the
"can't run this file" logic.
Throwing Dice Games
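
An added example, not part of the original message or Geeklog's own code: a Python audit that flags PHP language files which lack the "can't run this file" guard discussed above, or which run a function call before reaching it. The two guard shapes it recognises, the sample files and `example_lang_helper()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed guard shapes: compare the requested script name with this file, or
# require a constant defined by the entry point; either must be followed by an exit.
CHECK = re.compile(r"\$_SERVER\s*\[\s*['\"](?:PHP_SELF|SCRIPT_NAME)['\"]\s*\]"
                   r"|!\s*defined\s*\(", re.I)
EXIT = re.compile(r"\b(?:die|exit)\b", re.I)
# A line that begins with a function call, i.e. code that runs when the file loads.
CALL = re.compile(r"^[ \t]*(?!if\b|die\b|exit\b)[A-Za-z_]\w*[ \t]*\(", re.M | re.I)

def classify(src):
    """Return 'guarded', 'no-guard' or 'runs-code-before-guard' for PHP source."""
    code = re.sub(r"/\*.*?\*/", "", src, flags=re.S)            # block comments
    code = re.sub(r"^[ \t]*(?://|#).*$", "", code, flags=re.M)  # whole-line comments
    check = CHECK.search(code)
    if not check or not EXIT.search(code, check.end()):
        return "no-guard"
    call = CALL.search(code)
    if call and call.start() < check.start():
        return "runs-code-before-guard"
    return "guarded"

def audit(root):
    """Map every unguarded .php file under root to its classification."""
    found = {}
    for path in sorted(Path(root).rglob("*.php")):
        verdict = classify(path.read_text(encoding="utf-8", errors="replace"))
        if verdict != "guarded":
            found[path.relative_to(root).as_posix()] = verdict
    return found

# Constructed sample language files; example_lang_helper() is a made-up function.
GUARD = "if (strpos(strtolower($_SERVER['PHP_SELF']), '%s') !== false) {\n    die('no direct access');\n}\n"
BODY = "$LANG_EXAMPLE = array('greeting' => 'Hello');\nexample_lang_helper($LANG_EXAMPLE);\n"
SAMPLES = {
    "english.php": "<?php\n" + GUARD % "english.php" + BODY,  # guard first
    "german.php": "<?php\n// no guard here\n" + BODY,          # no guard at all
    "french.php": "<?php\n" + BODY + GUARD % "french.php",    # guard after the call
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return audit(tmp)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The check is a line-based heuristic: it does not parse PHP, so a call that starts mid-line or a guard written in another shape needs its own pattern.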