Uploaded image for project: 'Website'
  1. Website
  2. WEBSITE-1024

feed.php misbehaves (vanilla 3.0.11 doesn't)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Resolution: Invalid
    • Community
    • None

    Description

      Why am I able to request this and get a successful response? 

      https://www.phpbb.com/community/feed.php/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/smile.gif

      (Note: not only does the server "know" this resource, also viewing the response uninterpreted shows those long paths nearly everywhere).
      I'm unable to reproduce this on a 3.0.11 vanilla installation.

      I found out while investigating the support topic "rss.php smilies loop" and found out in other parts of the internet the same issue occurs (on phpBBoards): 

      http://newsgroup.xnview.com/rss.php/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/images/smilies/icon/smile.gif

      While I'm tempted to say this example shows an insecure MOD ("/rss.php" does not exist in phpBB) the behaviour of phpbb.com itself is also unexpected. Why? This isn't a phpBB problem, it's a phpbb.com one.

      Attachments

        Activity

          People

            MichaelC Michael Cullum
            AmigoJack AmigoJack
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: