Project

General

Profile

Actions

Bug #5536

closed

"SilverStripe Tree Control" in /usr/local/www/tree/ has a default index.html viewable by anyone

Added by Jim Pingle almost 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Start date:
11/25/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3
Affected Architecture:
All

Description

The files tree.js and tree.css in /usr/local/www/tree/ are used by the traffic shaper to draw the interface/queue trees. The full library distribution is there along with index.html which explains its usage. Given that it's a static js/css library and not private, it's not the end of the world for it to be unprotected but having that index.html there explaining the library's usage looks unusual and can be a red flag for automated scanners.

At the very least the index.html should be blanked out, might even be better to move/relocate the library and only keep the exact files needed. Or if there is a better library to use for this that integrates better with bootstrap it could be replaced.

Actions #1

Updated by Steve Beaver almost 6 years ago

  • Status changed from Confirmed to Resolved

tree/index.html removed

Actions

Also available in: Atom PDF