From trac_mapguide at osgeo.org  Wed May  1 03:23:49 2024
From: trac_mapguide at osgeo.org (MapGuide Open Source)
Date: Wed, 01 May 2024 10:23:49 -0000
Subject: [Mapguide-trac] [mapguide-trac] #2879: Update Php in
 Repositoryadmin
In-Reply-To: <043.1e7ae0dc7cf07151f65f64a81d291e35@osgeo.org>
References: <043.1e7ae0dc7cf07151f65f64a81d291e35@osgeo.org>
Message-ID: <058.467a94a0fb566199ba68d63145b5c356@osgeo.org>

#2879: Update Php in Repositoryadmin
------------------------------------------+-------------------
 Reporter:  gpewr                         |        Owner:  jng
     Type:  enhancement                   |       Status:  new
 Priority:  medium                        |    Milestone:  4.0
Component:  Server                        |      Version:
 Severity:  major                         |   Resolution:
 Keywords:  php, security, vulnerability  |  External ID:
------------------------------------------+-------------------
Changes (by jng):

 * owner:  (none) => jng

Comment:

 I had a quick glance at what the actual .php scripts actually do that
 requires such an ancient PHP executable to have to be included and found
 out that for the most part that they are nothing more than wrapping around
 commands to the pre-existing dbxml executables under server/bin to do
 backup and restore operations!

 So in light of that, in addition to ripping out this PHP executable, we
 should also rip out all the .php scripts and just refactor the calling
 .bat/.sh files to do this directly themselves.
-- 
Ticket URL: <https://trac.osgeo.org/mapguide/ticket/2879#comment:1>
MapGuide Open Source <http://mapguide.osgeo.org/>
MapGuide Open Source Internals