EarthSystemCoG / COG

COG source code
BSD 3-Clause "New" or "Revised" License

Remove example PHP code #1297

Closed LucaCinquini closed 8 years ago

LucaCinquini commented 8 years ago

Who: Rachana

ANL security team has identified PHP files in the YUI distribution that comes with CoG. The code is never executed (since the Apache server does NOT contain a PHP module), only rendered as text, but it is good to remove such code to avoid triggering false security vulnerabilities.

LucaCinquini commented 8 years ago

The directories affected under $COG_INSTALL_DIR are:

```
[cinquini@esgf-node cog_install]$ sudo rm -rf ./cog/static/js/yui-2.9.0/examples
[cinquini@esgf-node cog_install]$ sudo rm -rf ./cog/static/js/yui/examples
[cinquini@esgf-node cog_install]$ sudo rm -rf ./static/js/yui-2.9.0/examples
[cinquini@esgf-node cog_install]$ sudo rm -rf ./static/js/yui/examples
[cinquini@esgf-node cog_install]$ sudo rm -rf ./build/lib/cog/static/js/yui/examples
[cinquini@esgf-node cog_install]$ sudo rm -rf ./build/lib/cog/static/js/yui-2.9.0/examples
```

LucaCinquini commented 8 years ago

The "examples" directories from YUI and Grappelli have been removed from the CoG source code.

murphysj commented 8 years ago

Verified locally when I installed.
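
An added example, not part of the issue thread or the CoG code base: a shell function that checks an install tree for leftover PHP-style files and YUI `examples` directories after the removal described above. The function name `audit_static_tree` and the list of file extensions are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the issue thread or the CoG project).
# audit_static_tree is a hypothetical name; the extension list is an
# assumption covering suffixes commonly mapped to PHP handlers.

# Print every PHP-style file and every YUI "examples" directory under $1.
# Return status: 0 = tree is clean, 1 = findings printed, 2 = bad argument.
audit_static_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Server-side script files that a scanner would flag even when
        # the web server only serves them as text. -iname also matches
        # upper-case variants such as .PHP.
        find "$root" -type f \( -iname '*.php' -o -iname '*.phtml' \
            -o -iname '*.php[0-9]' -o -iname '*.phps' \) -print
        # YUI example directories, e.g. static/js/yui-2.9.0/examples,
        # wherever the static tree has been copied (source, build, deploy).
        find "$root" -type d -name examples -path '*/js/yui*' -print
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Call it as `audit_static_tree "$COG_INSTALL_DIR"` after an install or upgrade; a non-zero status means the copied static trees still contain files to remove.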