Closed dvikan closed 2 months ago
Bridge | Context | Status |
---|---|---|
FDroidRepo | 1 Latest Updates (current) | ❌ Bridge returned error 404! (19817) ❌ Type: HttpException ❌ Message: https://srv.tt-rss.org/fdroid/repo/index-v1.jar resulted in 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> ⚠️ WARNING Trying to access array offset on value of type null at bridges/FDroidRepoBridge.php line 81 |
FDroidRepo | 1 Latest Updates (pr) | ❌ Bridge returned error 404! (19817) ❌ Type: HttpException ❌ Message: https://srv.tt-rss.org/fdroid/repo/index-v1.jar resulted in 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> ⚠️ WARNING Trying to access array offset on value of type null at bridges/FDroidRepoBridge.php line 208 |
FDroidRepo | 2 Follow Package (current) | ❌ Bridge returned error 404! (19817) ❌ Type: HttpException ❌ Message: https://srv.tt-rss.org/fdroid/repo/index-v1.jar resulted in 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> ⚠️ WARNING Trying to access array offset on value of type null at bridges/FDroidRepoBridge.php line 81 |
FDroidRepo | 2 Follow Package (pr) | ❌ Bridge returned error 404! (19817) ❌ Type: HttpException ❌ Message: https://srv.tt-rss.org/fdroid/repo/index-v1.jar resulted in 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> ⚠️ WARNING Trying to access array offset on value of type null at bridges/FDroidRepoBridge.php line 208 |
last change: Thursday 2024-04-04 15:40:02
I think security is fine. We control the whole file name. The only minor concern would be a file confusion where the original file was replaced with another one before calling unlink
on it, deleting the wrong file. Highly unlikely, as we use temporary file names, but still possible.
I looked into avoiding the writing-to-file and then reading-from-file altogether. The results are in the referenced issue below.
mainly fix issue as described in subject.
this is one of two locations where a bridge writes directly to os via
file_put_contents
. I reviewed it and think it's fine securitywise.@Mynacol