Mahara

some third party libraries do not respect the directorypermissions config setting

Bug #1037365 reported by Hugh Davenport on 2012-08-16

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Confirmed	Low	Unassigned

Bug Description

one example is htmlpurifier, from a git grep mkdir, i see that pear, dwoo, adobdb, and flowplayer may also be culprits

Also, the internal examples
- extract function in artefact/file.lib.php
- copyr function in lib/file.php
- there is one instance in lib/db/upgrade.php

Tags:

Hugh Davenport (hugh-davenport) on 2012-09-06

Changed in mahara:
milestone:	1.6.0 → 1.7.0

Aaron Wells (u-aaronw) on 2013-04-19

Changed in mahara:
milestone:	1.7.0 → 1.8.0

Aaron Wells (u-aaronw) on 2013-09-30

Changed in mahara:
milestone:	1.8rc1 → 1.8.0

Aaron Wells (u-aaronw) on 2013-10-22

Changed in mahara:
milestone:	1.8.0 → 1.8.1

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2013-12-16:

The examples that Hugh mentions in internal Mahara code were all patched as part of Bug 1057238. But there are still some mkdir's in these /lib subdirectories:

adodb
csstidy
dwoo
htmlpurifier
pear

Changed in mahara:
milestone:	1.8.1 → 1.8.2

Aaron Wells (u-aaronw) on 2014-05-12

no longer affects:

mahara/1.6

Kristina Hoeppner (kris-hoeppner) on 2014-08-24

no longer affects:	mahara/1.7
no longer affects:	mahara/1.8
no longer affects:	mahara/1.9

Aaron Wells (u-aaronw) on 2014-09-10

information type:	Public → Public Security
Changed in mahara:
milestone:	1.10.0 → 1.11.0

Robert Lyon (robertl-9) on 2015-04-17

Changed in mahara:
milestone:	15.04.0 → 15.04.1

Aaron Wells (u-aaronw) on 2015-04-21

Changed in mahara:
milestone:	15.04.1 → 15.10.0

Aaron Wells (u-aaronw) on 2015-10-23

Changed in mahara:
milestone:	15.10.0 → 16.04.0

Aaron Wells (u-aaronw) on 2016-04-28

Changed in mahara:
milestone:	16.04.0 → 16.10.0

Robert Lyon (robertl-9) on 2016-10-20

Changed in mahara:
milestone:	16.10.0 → 16.10.1

Robert Lyon (robertl-9) on 2016-10-21

Changed in mahara:
milestone:	16.10.1 → 17.04.0

Robert Lyon (robertl-9) on 2017-03-28

Changed in mahara:
milestone:	17.04.0 → 17.10.0

Robert Lyon (robertl-9) on 2017-09-19

Changed in mahara:
milestone:	17.10.0 → 18.04.0

Robert Lyon (robertl-9) on 2018-03-07

Changed in mahara:
milestone:	18.04.0 → 18.10.0

Kristina Hoeppner (kris-hoeppner) on 2018-08-30

Changed in mahara:
milestone:	18.10.0 → none
tags:	added: code-cleanup

Lisa Seeto (lisaseeto) on 2020-07-24

tags:

added: refactoring
removed: code-cleanup

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.