Opened 9 days ago

Last modified 4 days ago

#2879 new enhancement

Update PHP in Repositoryadmin

Reported by: gpewr
Owned by: jng
Priority: medium
Milestone: 4.0
Component: Server
Version:
Severity: major
Keywords: php, security, vulnerability
Cc:
External ID:

Description

The PHP version of repositoryadmin at c:\program files\osgeo\mapguide\server\repositoryadmin\php.exe is version 5.0.5.0, which has 132 security risks.

Modern vulnerability scanners will recognize this and report it. It will no longer be possible to use MapGuide in a professional environment.

Change History (1)

comment:1 by jng, 4 days ago

Owner: set to jng

I had a quick glance at what the .php scripts actually do that requires such an ancient PHP executable to be included, and found out that for the most part they are nothing more than wrappers around commands to the pre-existing dbxml executables under server/bin to do backup and restore operations!

So in light of that, in addition to ripping out this PHP executable, we should also rip out all the .php scripts and just refactor the calling .bat/.sh files to do this directly themselves.
