[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security issue with LedgerSMB (inherited from SL)

Chris Travers wrote:

    BTW, the terminal problem is still an issue. bin/xterm doesn't exist,
    and when I try to run any of the scripts from the terminal, it tries
    to include these. Is this a dumb user problem or is terminal broken in
    LedgerSMB and/or SL?

In 2.4.x bin/xterm was basically a symlink to bin/lynx

THe fact that it is not there in 2.6 is an indication that nobody uses it. Which is a good thing as far as the security issue is concerned.

Does removal of the terminal code mean that running one of the scripts such as:

perl is.pl "action=api_print_invoice&other_options=oo&yet_other_options&yoo" won't work in the future with ledgersmb?

I've been doing something similar to initiate backups of sql-ledger for a long time.

Darrick Hartman
DJH Solutions, LLC