[mythtv-commits] Ticket #5032: Allow cURL for safer status passthrough in mythweb
MythTV
mythtv at cvs.mythtv.org
Mon Mar 24 22:35:43 UTC 2008
#5032: Allow cURL for safer status passthrough in mythweb
----------------------------+-----------------------------------------------
Reporter: myth at thekx.org | Owner: xris
Type: patch | Status: new
Priority: minor | Milestone: unknown
Component: mythweb | Version: head
Severity: medium | Mlocked: 0
----------------------------+-----------------------------------------------
The status module uses the file_get_contents module to retrieve the status
page from the backend's own port. This requires the allow_url_fopen PHP
option to be set, which many view as a security risk for XSS.
The cURL lib is recommended as a safer alternative (which is quite
common). This patch tries to use cURL, if installed, before trying the
regular options.
I've applied this to 0.21-fixes on my wc, but it looks to me like it's the
same patch for head of trunk.
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/5032>
MythTV <http://www.mythtv.org/>
MythTV
More information about the mythtv-commits
mailing list