Bug #2722
Fixing security problems when downloading documents
| Status: | Closed | Start: | 02/02/2011 | |
|---|---|---|---|---|
| Priority: | Urgent | Due date: | ||
| Assigned to: |  Julio Montoya |
% Done: | 100% |
|
| Category: | - | Spent time: | - | |
| Target version: | 1.8.8 stable | |||
| Complexity: | Challenging | SCRUM pts - complexity: | ? |
Description
Associated revisions
Fixing security issue when downloading a document see #2722, adding check_abs + making more restrict the Document::is_visible function
Adding trailing slash see #2722
Adding check_abs_path when using the DocumentManager::file_send_for_download to prevent downloading unwanted files see #2722
History
Updated by Julio Montoya over 1 year ago
- % Done changed from 0 to 50
Updated by Julio Montoya over 1 year ago
I found more problems when using the DocumentManager::file_send_for_download see
Updated by Julio Montoya over 1 year ago
- % Done changed from 50 to 70
There is also a problem with exercice/Hpdownload.php and work/download.php that is already fixed with the previous commit
Updated by Julio Montoya over 1 year ago
- Status changed from Assigned to Need feedback
Updated by Julio Montoya about 1 year ago
- Status changed from Need feedback to Closed
- % Done changed from 70 to 100