Project

General

Profile

Bug #2722

Fixing security problems when downloading documents

Added by Julio Montoya about 10 years ago. Updated about 10 years ago.

Status:
Feature implemented
Priority:
Urgent
Assignee:
Julio Montoya
Category:
-
Target version:
1.8.8 stable
Start date:
02/02/2011
Due date:
% Done:

100%

Estimated time:
Complexity:
Challenging
SCRUM pts - complexity:
?

Associated revisions

Revision 37eee0ff (diff)
Added by Julio Montoya about 10 years ago

Fixing security issue when downloading a document see #2722, adding check_abs + making more restrict the Document::is_visible function

Revision cd31a9aa (diff)
Added by Julio Montoya about 10 years ago

Adding trailing slash see #2722

Revision 09b7f334 (diff)
Added by Julio Montoya about 10 years ago

Adding check_abs_path when using the DocumentManager::file_send_for_download to prevent downloading unwanted files see #2722

Revision 66c9c30f (diff)
Added by Alex Aragon over 2 years ago

add css cropper in app.css - refs refs #2722

History

#2

Updated by Julio Montoya about 10 years ago

I found more problems when using the DocumentManager::file_send_for_download see

http://code.google.com/p/chamilo/source/detail?r=f2254d813f3a44a0a1b1717876b3c81df72a6879&repo=classic

#3

Updated by Julio Montoya about 10 years ago

  • % Done changed from 50 to 70

There is also a problem with exercice/Hpdownload.php and work/download.php that is already fixed with the previous commit

#4

Updated by Julio Montoya about 10 years ago

  • Status changed from Assigned to Needs more info
#5

Updated by Julio Montoya about 10 years ago

  • Status changed from Needs more info to Feature implemented
  • % Done changed from 70 to 100

Also available in: Atom PDF