mkdir ($dir,"777") #11843
Do you know which file |
I found two places where piwik does a |
pw/Piwik/core/Updater/Migration/Db/Factory.php
The file has been modified woensdag 31 mei 2017
Possible PHP Injection - function name contains only numbers.
_1(10)
pw/Piwik/vendor/doctrine/cache/lib/Doctrine/Common/Cache/FileCache.php
The file has been modified woensdag 31 mei 2017
Unsafe directory creation - 0777 permissions.
mkdir($path, 0777
pw/Piwik/vendor/doctrine/annotations/lib/Doctrine/Common/Annotations/FileCacheReader.php
The file has been modified dinsdag 15 november 2016
Unsafe directory creation - 0777 permissions.
mkdir($cacheDir, 0777
pw/Piwik/vendor/pear/archive_tar/Archive/Tar.php
The file has been modified woensdag 31 mei 2017
Unsafe directory creation - 0777 permissions.
mkdir($v_header['filename'], 0777
pw/Piwik/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php
The file has been modified woensdag 31 mei 2017
Unsafe directory creation - 0777 permissions.
mkdir($dir, 0777
pw/Piwik/vendor/twig/twig/lib/Twig/Cache/Filesystem.php
The file has been modified woensdag 31 mei 2017
Unsafe directory creation - 0777 permissions.
mkdir($dir, 0777
pw/Piwik/vendor/twig/twig/.php_cs.dist
The file has been modified woensdag 31 mei 2017
Suspicious filename found. Files with a dot in front of them are usually hidden by the operating system.
.php_cs.dist
pw/Piwik/vendor/piwik/decompress/libs/PclZip/pclzip.lib.php
The file has been modified woensdag 31 mei 2017
Unsafe directory creation - 0777 permissions.
mkdir($p_dir, 0777
pw/Piwik/vendor/szymach/c-pchart/.scrutinizer.yml
The file has been modified woensdag 31 mei 2017
Suspicious filename found. Files with a dot in front of them are usually hidden by the operating system.
.scrutinizer.yml
pw/Piwik/plugins/LanguagesManager/Commands/CreatePull.php
The file has been modified woensdag 31 mei 2017
Possible PHP injection (file download)
shell_exec('curl
pw/Piwik/libs/bower_components/materialize/.npmignore
The file has been modified woensdag 31 mei 2017
Suspicious filename found. Files with a dot in front of them are usually hidden by the operating system.
From: Lukas Winkler [mailto:notifications@github.com]
Sent: Wednesday 5 July 2017 10:47
To: piwik/piwik <piwik@noreply.github.com>
CC: GerardBol <gerardbolhuis@gmail.com>; Author <author@noreply.github.com>
Subject: Re: [piwik/piwik] mkdir ($dir,"777") (#11843)
I found two places where piwik does a chmod 777. All other chmod are using 755 or 600
https://github.com/piwik/piwik/blob/3.x-dev/core/Profiler.php#L324
https://github.com/piwik/piwik/blob/3.x-dev/core/Db/BatchInsert.php#L268
I am not sure what your tester means, but I couldn't find a function whose name only contains numbers in https://github.com/piwik/piwik/blob/3.x-dev/core/Updater/Migration/Db/Factory.php
Those are third-party libraries which may or may not have good reasons for doing that. You'll need to contact them if you want to know why they are using 777.
This plugin uses |
Thanks for contributing to this issue. As it has been a few months since the last activity and we believe this is likely not an issue anymore, we will now close this. If that's not the case, please do feel free to either reopen this issue or open a new one. We will gladly take a look again!
I use rsfirewall in my Joomla site.
This rsfirewall detects mkdir($dir,"777") in the source of piwik. Why 777 and set all access open?