Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • cesnet_simplesamlphp-1.19.8
  • elixir_simplesamlphp-1.19.8
  • simplesamlphp-1.19.8
  • cesnet_simplesamlphp-1.19.5
  • simplesamlphp-2.0
  • feature/assets
  • feature/rac-source-selector
  • cleanup/remove-base64-attributes
  • simplesamlphp-1.19
  • elixir_simplesamlphp-1.19.5
  • aarc_idp_hinting
  • feature/validate-authstate-before-processing
  • feature/build-two-tarballs
  • dependabot/composer/twig/twig-3.4.3
  • tvdijen-patch-1
  • unchanged-acs-url-no-www-script
  • feature/translation-improvements
  • symfony6
  • move_tests
  • v1.19.9
  • v2.1.3
  • v2.0.10
  • v2.1.2
  • v2.0.9
  • v2.1.1
  • v2.0.8
  • v2.1.0
  • v2.0.7
  • v2.1.0-rc1
  • v2.0.6
  • v2.0.5
  • 2.0.4-alpha.1
  • v2.0.4-alpha.1
  • v2.0.4
  • v2.0.3
  • v2.0.2
  • v2.0.1-alpha.1
  • v2.0.1
  • v1.19.8
40 results
Blame History Permalink
  • Olav Morken's avatar
    InfoCard: Fix insecure file creation. · 0d5557c6
    Olav Morken authored 
    The InfoCard modules stores files in /tmp, but does this in a way that
allows another user with local access to the machine to overwrite any
file the webserver has access to.

This patch fixes it by moving the files into the simpleSAMLphp temp
directory.

Thanks to Thijs Kinkhorst <thijs@uvt.nl> for reporting this bug.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2082 44740490-163a-0410-bde0-09ae8108e29a
    0d5557c6
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
STS_card_issuer.php 9.00 KiB