Feng Forum

Support => Feng Office 1 => Older versions => 1.2 RC2 => : Adriaan Graas February 16, 2009, 01:14:16 PM

: Security Issue /public/install
: Adriaan Graas February 16, 2009, 01:14:16 PM
Hi,

I think this is important: after the install, the public/install/index.php file is still open, and when run it will erase the config file, resulting in the system not working anymore.
Plus that anyone can attach a new database to the system.

Temporary fix could be (re)move the install directory.
Development fix, please make sure that all install files are only accessable when the install has not been completed before.

Anyway i like opengoo very much, continue the good work :)

Kind regards,

Adriaan Graas
: Re: Security Issue /public/install
: ignacio February 17, 2009, 09:46:14 AM
Hi Everyone,

This is a bug and can be fixed by editing file 'public/install/include.php' line 27, from:
:
$config_is_set = $config_path;to:
:
$config_is_set = @include $config_path;