Pavel Titov (titov_en) wrote in fotobilder,

Broken X-FB-Auth support in Apache/FotoBilder/Pic.pm

I noted broken X-FB-Auth support in the Pic.pm module. Here is a fix:
--- cvs/fb/lib/Apache/FotoBilder/Pic.pm Mon Jan  2 11:19:23 2006
+++ lib/Apache/FotoBilder/Pic.pm        Mon Jun  5 23:52:15 2006
@@ -79,7 +79,7 @@

     # need to see if there's a reference to this picture in some gallery
     # that the remote user has access to view
-    return 403 unless $up->visible;
+    return 403 unless $up->visible_to($remote);

     my $palspec; # palette colors, set if $extra begins with '/p'
     my $g;       # pic to serve  (FB::Gpic object)
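
Review bot: On the changed line `return 403 unless $up->visible_to($remote);`, the hunk does not show where `$remote` is assigned, so it cannot be confirmed from here that it is set by the X-FB-Auth-aware lookup before this check runs. Please confirm that a missing or failed X-FB-Auth leaves `$remote` undefined rather than falling back to some other identity, and that `visible_to` with an undefined argument returns false for any picture that is not public. A short comment above the check saying which code path populates `$remote` would make the access decision auditable.
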
(The error existed because Upic::visible just calls FB::get_remote() to get $remote, without checking X-FB-Auth.)

But I'm not sure: can such a fix cause any security problems?