Project

General

Profile

Bug #5536

"SilverStripe Tree Control" in /usr/local/www/tree/ has a default index.html viewable by anyone

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Start date:
11/25/2015
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.3
Affected Architecture:
All

Description

The files tree.js and tree.css in /usr/local/www/tree/ are used by the traffic shaper to draw the interface/queue trees. The full library distribution is there along with index.html which explains its usage. Given that it's a static js/css library and not private, it's not the end of the world for it to be unprotected but having that index.html there explaining the library's usage looks unusual and can be a red flag for automated scanners.

At the very least the index.html should be blanked out, might even be better to move/relocate the library and only keep the exact files needed. Or if there is a better library to use for this that integrates better with bootstrap it could be replaced.

History

#1 Updated by Steve Beaver over 3 years ago

  • Status changed from Confirmed to Resolved

tree/index.html removed

Also available in: Atom PDF