Ticket #4421 (closed Bugs: fixed)

Opened 2 years ago

Last modified 1 year ago

Endpoint Installer sending URL into module directory in iframe

Reported by: p_lindheimer Assigned to: tm1000
Priority: minor Milestone: 2.9
Component: Endpoint Manager Version:
Keywords: Cc:
Confirmation: Need testing SVN Revision (if applicable):
Backend Engine: All Backend Engine Version:

Description

I suspect this will all go away when the new download stuff comes, but for now filing a bug. This line in brand_model_manager.inc: 

$tpl->assign("installer_address", $_SERVER["HTTP_HOST"].WEB_PATH."includes/installer.php");

which results in this line in brand_model_manager.html 

<iframe src="http://{$installer_address}" frameborder=0 width="100%" height=70 scrolling="no"></iframe>

This means that access needs to be open inside the module, which is a security issue and a well protected server will not have access open here. This needs to be accessed through page.epm_config.php or some other solution (config.php file handler, etc.) such that no module access needs to be open.

Change History

07/11/10 12:25:08 changed by p_lindheimer

(In [10058]) temporary improvement for returning to config page after an installation, though this should all be fixed when this rewritten. Also ... hardcodes path to /admin/config.php until access is fixed re #4421

08/27/10 00:19:50 changed by tm1000

  • status changed from new to closed.
  • confirmation changed from Unreviewed to Need testing.
  • resolution set to fixed.

This is fixed completely in 2.2.5 where it used modal box inside of FreePBX. It also now references quiet mode through config.phh