mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-28 09:42:41 +01:00
2037979142
Summary: Via HackerOne. An attacker with access to both Phame and the filesystem could potentially load a skin that lives outside of the configured skin directories, because we had insufficient checks on the actual skin at load time.

Test Plan: Attempted to build a blog with an invalid skin; got an exception instead of a mis-load of a sketchy skin.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10992

application
celerity
conduit
config
controller
phid
query
skins
storage
view