TWSD-1095 - Security Alert: Command injection via cookie data

Review Request #1234 — Created Dec. 16, 2025 and submitted Dec. 16, 2025, 2:01 p.m. — Latest diff uploaded Dec. 16, 2025, 10:37 a.m.

Information
Owner:	shuinvy
Repository:	AG
Branch:	rel_ag_9_4_5
Bugs:	TWSD-1095
Depends On:
Reviewers
Groups:
People:	austin, evalin, jasonchou, lucille, milliechou

Description

Fix file permission issue

Testing Done

The ticket link is:
https://arraynetworks.atlassian.net/browse/TWSD-1095

We should add cookie log by PHP.
However,
There is no permission for PHP to create file under the directory /var/log/.
So I modified the shell script to create file /var/log/aproxy_cookie.log if there is not exists.
Besides,
I changed the owner to nobody for the user of lighttpd is nobody.
Then changed the permission to 664 as (rw-rw-r--)
After that, PHP can edite the file successfully.

You have a pending review.

Review Board 5.0.5

TWSD-1095 - Security Alert: Command injection via cookie data