[Vtigercrm-commits] [vtiger-commits] r9260 - /vtigercrm/trunk/log4php/appenders/LoggerAppenderFile.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Mon Sep 4 12:51:12 EDT 2006
Author: saraj
Date: Mon Sep 4 10:51:09 2006
New Revision: 9260
Log:
removed read permission for log files
Modified:
vtigercrm/trunk/log4php/appenders/LoggerAppenderFile.php
Modified: vtigercrm/trunk/log4php/appenders/LoggerAppenderFile.php
==============================================================================
--- vtigercrm/trunk/log4php/appenders/LoggerAppenderFile.php (original)
+++ vtigercrm/trunk/log4php/appenders/LoggerAppenderFile.php Mon Sep 4 10:51:09 2006
@@ -75,6 +75,10 @@
$fileName = $this->getFile();
LoggerLog::debug("LoggerAppenderFile::activateOptions() opening file '{$fileName}'");
$this->fp = @fopen($fileName, ($this->getAppend()? 'a':'w'));
+
+ // Denying read option for log file. Added for Vulnerability fix
+ if (is_readable($fileName)) chmod ($fileName,0222);
+
if ($this->fp) {
if ($this->getAppend())
fseek($this->fp, 0, SEEK_END);
@@ -177,4 +181,4 @@
}
}
}
-?>
+?>
More information about the vtigercrm-commits
mailing list