some third party libraries do not respect the directorypermissions config setting

Bug #1037365 reported by Hugh Davenport on 2012-08-16
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Low
Unassigned

Bug Description

one example is htmlpurifier, from a git grep mkdir, i see that pear, dwoo, adobdb, and flowplayer may also be culprits

Also, the internal examples
- extract function in artefact/file.lib.php
- copyr function in lib/file.php
- there is one instance in lib/db/upgrade.php

Changed in mahara:
milestone: 1.6.0 → 1.7.0
Aaron Wells (u-aaronw) on 2013-04-19
Changed in mahara:
milestone: 1.7.0 → 1.8.0
Aaron Wells (u-aaronw) on 2013-09-30
Changed in mahara:
milestone: 1.8rc1 → 1.8.0
Aaron Wells (u-aaronw) on 2013-10-22
Changed in mahara:
milestone: 1.8.0 → 1.8.1
Aaron Wells (u-aaronw) wrote :

The examples that Hugh mentions in internal Mahara code were all patched as part of Bug 1057238. But there are still some mkdir's in these /lib subdirectories:

adodb
csstidy
dwoo
htmlpurifier
pear

Changed in mahara:
milestone: 1.8.1 → 1.8.2
Aaron Wells (u-aaronw) on 2014-05-12
no longer affects: mahara/1.6
no longer affects: mahara/1.7
no longer affects: mahara/1.8
no longer affects: mahara/1.9
Aaron Wells (u-aaronw) on 2014-09-10
information type: Public → Public Security
Changed in mahara:
milestone: 1.10.0 → 1.11.0
Robert Lyon (robertl-9) on 2015-04-17
Changed in mahara:
milestone: 15.04.0 → 15.04.1
Aaron Wells (u-aaronw) on 2015-04-21
Changed in mahara:
milestone: 15.04.1 → 15.10.0
Aaron Wells (u-aaronw) on 2015-10-23
Changed in mahara:
milestone: 15.10.0 → 16.04.0
Aaron Wells (u-aaronw) on 2016-04-28
Changed in mahara:
milestone: 16.04.0 → 16.10.0
Robert Lyon (robertl-9) on 2016-10-20
Changed in mahara:
milestone: 16.10.0 → 16.10.1
Robert Lyon (robertl-9) on 2016-10-21
Changed in mahara:
milestone: 16.10.1 → 17.04.0
Robert Lyon (robertl-9) on 2017-03-28
Changed in mahara:
milestone: 17.04.0 → 17.10.0
Robert Lyon (robertl-9) on 2017-09-19
Changed in mahara:
milestone: 17.10.0 → 18.04.0
Robert Lyon (robertl-9) on 2018-03-07
Changed in mahara:
milestone: 18.04.0 → 18.10.0
Changed in mahara:
milestone: 18.10.0 → none
tags: added: code-cleanup
Lisa Seeto (lisaseeto) on 2020-07-24
tags: added: refactoring
removed: code-cleanup
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers