- Fixed bug #387. content.ecpp delivers only absolute path requests

without '..' in them.
author: Dieter Hametner <dh (plus) vdr (at) gekrumbel (dot) de> 2007-09-08 22:53:20 +0000
committer: Dieter Hametner <dh (plus) vdr (at) gekrumbel (dot) de> 2007-09-08 22:53:20 +0000
commit: 5f3d9f1f80af84c71baed2fd9108aa1494ecaba5 (patch)
tree: b4ebcf124399766b776ef69a0e49e9f50920e514 /doc
parent: 7813337cad75e71e76dbd1d4492ca0d53b523d61 (diff)
download: vdr-plugin-live-5f3d9f1f80af84c71baed2fd9108aa1494ecaba5.tar.gz
vdr-plugin-live-5f3d9f1f80af84c71baed2fd9108aa1494ecaba5.tar.bz2
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index ec88141..dc00cd3 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,4 +1,10 @@
-2007-09-07  Dieter Hametner  <dieter@air.mittelstation.de>
+2007-09-09  Dieter Hametner  <dh+vdr at gekrumbel dot de>
+
+	* tntconfig.cpp: allways give absolute paths to content.ecpp
+	* pages/content.ecpp: check for absolute paths which don't contain
+		upward references (e.g. '../') and deny such requests.
+
+2007-09-07  Dieter Hametner  <dh+vdr at gekrumbel dot de>
 
 	* tntconfig.cpp: Checked and adapted MapUrl regular expressions
 	                 to be more live setup secure.
author	Dieter Hametner <dh (plus) vdr (at) gekrumbel (dot) de>	2007-09-08 22:53:20 +0000
committer	Dieter Hametner <dh (plus) vdr (at) gekrumbel (dot) de>	2007-09-08 22:53:20 +0000
commit	5f3d9f1f80af84c71baed2fd9108aa1494ecaba5 (patch)
tree	b4ebcf124399766b776ef69a0e49e9f50920e514 /doc
parent	7813337cad75e71e76dbd1d4492ca0d53b523d61 (diff)
download	vdr-plugin-live-5f3d9f1f80af84c71baed2fd9108aa1494ecaba5.tar.gz vdr-plugin-live-5f3d9f1f80af84c71baed2fd9108aa1494ecaba5.tar.bz2