OoO En ce doux début de matinée du vendredi 26 septembre 2008, vers 08:09, Michal Čihař <[EMAIL PROTECTED]> disait :
> cron job installed as /etc/cron.daily/roundcube-core silently removes
> file /var/lib/roundcube/temp/.htaccess, which is shipped with package.
> This make later fail integrity check using debsums and allows access to
> the files in cache. Attached patch fixes cron job to ignore .htaccess
> file.
Hi Michal!
The lighttpd config file contains:
$HTTP["url"] =~ "^/roundcube/config|/roundcube/temp|/roundcube/logs" {
url.access-deny = ( "" )
}
Therefore, the directory should not be accessible. Maybe the file is not
clear enough about what to modify when changing roundcube location.
In fact, .htaccess should not be shipped with roundcube.
Thanks for the report.
--
I WAS NOT TOLD TO DO THIS
I WAS NOT TOLD TO DO THIS
I WAS NOT TOLD TO DO THIS
-+- Bart Simpson on chalkboard in episode 5F13
pgprFjsLTVk2z.pgp
Description: PGP signature
