#137 Security breach in Add files function

closed
None
5
2007-10-17
2007-07-13
No

I discovered that the /files/edit_2.php, /files/new.php had a security breach in the way it stores the file on the server (potential to run script files). It now stores the file as a random number, which also meant needing to change /files/download.php.

All 3 updated files are contained in the tarball.

Randy

Discussion

  • Randy Martinsen

    Randy Martinsen - 2007-07-13
    • assigned_to: nobody --> braverock
     
  • Randy Martinsen

    Randy Martinsen - 2007-09-11

    Logged In: YES
    user_id=1640978
    Originator: YES

    I found additional bugs related to OWL plugin activation (or lact of it). I am replacing the originally uploaded file with this one. It contains all scripts in the /files/ directory because all of them had to be touched.

     
  • Randy Martinsen

    Randy Martinsen - 2007-09-11

    Replaces all scripts in /files/

     
  • Randy Martinsen

    Randy Martinsen - 2007-09-11

    Logged In: YES
    user_id=1640978
    Originator: YES

    File Added: files.rar

     
  • Randy Martinsen

    Randy Martinsen - 2007-10-17
    • status: open --> closed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks