search

howardjones / network-weathermap

Network Weathermap draws diagrams from data
http://www.network-weathermap.com/
MIT License
423 stars 95 forks source link

Create copy - Incorrect permissions #276

Open tstoco opened 3 years ago

tstoco commented 3 years ago

Summary

A config file without the correct permissions is parsed by weathermap PHP editor.

Weathermap 0.98a

How to reproduce?

A user without permissions to write files for the www-data group creates a file inside the folder: \weathermap\configs

image

Although the file is not listed as an option to be opened it is listed in the dropdown menu that creates a copy of an existing config.

image

Therefore clicking into create copy weathermap creates a new config from a file without the correct permissions.

howardjones commented 3 years ago

What is incorrect? The file is readable (all that is needed to make a copy) and the www-data user can write to ./configs to make the new file. read-only files can be copied. It doesn't appear in the editor, because you can't edit it.