You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
This doesn't fix #4943 for the case where mod security is enabled, it is only supposed to fix the case where mod security is disabled, CHECK_SECURE_PATH_POSSIBLE_WRITE does nothing and write_allowed is used uninitialized.
Besides, I have actually verified that this fixes the bug with mod security disabled.
cc7c31a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think that's it unfortunately, since
checkPath
unconditionally sets it to false (if it's passed) before doing anything just to be safe.cc7c31a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't fix #4943 for the case where mod security is enabled, it is only supposed to fix the case where mod security is disabled,
CHECK_SECURE_PATH_POSSIBLE_WRITE
does nothing andwrite_allowed
is used uninitialized.Besides, I have actually verified that this fixes the bug with mod security disabled.
cc7c31a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ShadowNinja From looking at the definition of
CHECK_SECURE_PATH_POSSIBLE_WRITE
it should be obvious that this change is needed.cc7c31a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sfan5: Oh, you're right. This must have been the cause of #4943, mod security was off.