path for #39863 etc. in trunk?

14 years ago by Stas Malyshev — view source

unread

Hi!

What's the status of patch for NULL-in-filename issue for trunk? I see
patch for 5.3 was made by Pierre 3.5 months ago with note "trunk will
have patch later", but nothing happened as it seems. Anybody's working
on it?

Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

14 years ago by Pierre Joye — view source

unread

hi Stas,

Yes, there was a discussion in progress about adding or not a input
parameter for filenames to do all the checks. That's the only stopping
point back then (in January afair). I will check&post again the
question and proposal to see if we can get that sorted now.

Cheers,

Hi!

What's the status of patch for NULL-in-filename issue for trunk? I see patch
for 5.3 was made by Pierre 3.5 months ago with note "trunk will have patch
later", but nothing happened as it seems. Anybody's working on it?

Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

14 years ago by Stas Malyshev — view source

unread

Hi!

Yes, there was a discussion in progress about adding or not a input
parameter for filenames to do all the checks. That's the only stopping
point back then (in January afair). I will check&post again the
question and proposal to see if we can get that sorted now.

If there are questions about better implementation etc., we have to just
check in the 5.3 fix and we can refactor it later. I think it's not good
that we allow trunk to have security-related patch not synchronized with
5.3 for months. I wonder if we have more like this.

Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

14 years ago by Pierre Joye — view source

unread

It was not about a better implentation, such changes are not possible in
5.3.

The goal is to avoid many code duplication and makes sure than any new code
has this check in place.

I can't think of any other similar patches not present in trunk.

Hi!

Yes, there was a discussion in progress about adding or not a input
parameter for filenames to...
If there are questions about better implementation etc., we have to just
check in the 5.3 fix and we can refactor it later. I think it's not good
that we allow trunk to have security-related patch not synchronized with 5.3
for months. I wonder if we have more like this.
--

Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

path for #39863 etc. in trunk?

What's the status of patch for NULL-in-filename issue for trunk? I see patch for 5.3 was made by Pierre 3.5 months ago with note "trunk will have patch later", but nothing happened as it seems. Anybody's working on it?

What's the status of patch for NULL-in-filename issue for trunk? I see patch for 5.3 was made by Pierre 3.5 months ago with note "trunk will have patch later", but nothing happened as it seems. Anybody's working on it?

If there are questions about better implementation etc., we have to just check in the 5.3 fix and we can refactor it later. I think it's not good that we allow trunk to have security-related patch not synchronized with 5.3 for months. I wonder if we have more like this.

What's the status of patch for NULL-in-filename issue for trunk? I see
patch for 5.3 was made by Pierre 3.5 months ago with note "trunk will
have patch later", but nothing happened as it seems. Anybody's working
on it?

What's the status of patch for NULL-in-filename issue for trunk? I see patch
for 5.3 was made by Pierre 3.5 months ago with note "trunk will have patch
later", but nothing happened as it seems. Anybody's working on it?

If there are questions about better implementation etc., we have to just
check in the 5.3 fix and we can refactor it later. I think it's not good
that we allow trunk to have security-related patch not synchronized with
5.3 for months. I wonder if we have more like this.