  1. Website
  2. WEBSITE-1024

feed.php misbehaves (vanilla 3.0.11 doesn't)

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Invalid
    • Component/s: Community
    • Labels:
      None

      Description

      Why am I able to request this and get a successful response?

      https://www.phpbb.com/community/feed.php/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/smile.gif

      (Note: not only does the server "know" this resource; viewing the uninterpreted response also shows those long paths nearly everywhere.)
      I'm unable to reproduce this on a 3.0.11 vanilla installation.

      I found this out while investigating the support topic "rss.php smilies loop" and found that the same issue occurs in other parts of the internet (on phpBBoards):

      http://newsgroup.xnview.com/rss.php/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/smile.gif

      While I'm tempted to say this example shows an insecure MOD ("/rss.php" does not exist in phpBB), the behaviour of phpbb.com itself is also unexpected. Why? This isn't a phpBB problem, it's a phpbb.com one.

            People

            • Assignee:
              MichaelC Michael Cullum
              Reporter:
              AmigoJack AmigoJack