http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6874
--- Comment #8 from Robin Sheat <[email protected]> 2011-10-09 22:32:58 UTC ---

Multiple instances is when you're running more than one Koha instance on a server.

Having the files accessible directly through Apache strikes me as problematic. Adding an alias doesn't solve that really, and I don't think chmod 0644 will either. For a simple example, what if someone uploads a PHP file and you have mod_php enabled?

The patch has a lot of 'warn's in it, looks like debug code.

Most of the functions are undocumented, which is bad.

Putting HTML/JavaScript in .pl files is something that should really, really be avoided, it's violating separation of concerns (I know that other parts of Koha have that, that upsets me too :) It should be pushed into a template.

I note that you search through to find a free filename. I can't tell what the base name will be (or perhaps it's provided by the uploader), but that a) risks a (very unlikely) race condition, and b) could get slow if there are many files. Perhaps include a timestamp as well?

If the OPAC is set so that it requires a valid login to access, then this will still allow those files to be accessible, which is bad.
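The storage concerns raised in the comment above (direct serving by Apache, an uploaded PHP file, and the race in searching for a free filename) can be illustrated with the following added example, which is not code from the Koha patch or from the commenter. The function `store_upload`, the `%ALLOWED_EXT` allow-list and the directory layout are hypothetical; the directory is assumed to lie outside any Apache DocumentRoot or alias, so files are only reachable through a script that can check the login.

```perl
#!/usr/bin/perl
# Added example (not from the Koha patch): store an upload under a
# server-chosen name, created atomically, in a directory Apache does not serve.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempdir);
use POSIX qw(strftime);

# Hypothetical allow-list; the uploader's file name is never used on disk.
my %ALLOWED_EXT = map { $_ => 1 } qw(pdf png jpg txt);

# Returns ($stored_name, $path); dies on a disallowed type or I/O error.
sub store_upload {
    my ($upload_dir, $client_name, $data) = @_;

    # Keep only a lower-cased final extension from the allow-list, so
    # "shell.php" is rejected and "x.php.jpg" is stored as plain ".jpg".
    my ($ext) = $client_name =~ /\.([A-Za-z0-9]{1,8})\z/;
    $ext = lc($ext // '');
    die "file type not allowed\n" unless $ALLOWED_EXT{$ext};

    for (1 .. 10) {
        # Timestamp plus random suffix (uniqueness only, not secrecy):
        # no directory scan is needed to find a free name.
        my $name = sprintf '%s-%08x.%s',
            strftime('%Y%m%dT%H%M%S', gmtime), int(rand(0xFFFFFFFF)), $ext;
        my $path = File::Spec->catfile($upload_dir, $name);

        # O_EXCL makes "check that the name is free" and "create it" a
        # single atomic step; a collision fails instead of overwriting.
        if (sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
            binmode $fh;
            print {$fh} $data or die "write failed: $!\n";
            close $fh or die "close failed: $!\n";
            return ($name, $path);
        }
        die "cannot create $path: $!\n" unless $!{EEXIST};
    }
    die "no free name after 10 attempts\n";
}

# Constructed demo: a temp dir stands in for a directory outside the DocumentRoot.
my $dir = tempdir(CLEANUP => 1);
my ($name) = store_upload($dir, 'Report.PDF', "constructed sample bytes\n");
print "stored as $name\n";
print "rejected: $@" unless eval { store_upload($dir, 'shell.php', '<?php ?>'); 1 };
```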
