Bug #2722
Fixing security problems when downloading documents
| Status: | Feature implemented | Start date: | 02/02/2011 | |
|---|---|---|---|---|
| Priority: | Urgent | Due date: | ||
| Assignee: |  Julio Montoya | % Done: | 100% | |
| Category: | - | Spent time: | - | |
| Target version: | 1.8.8 stable | |||
| Complexity: | Challenging | SCRUM pts - complexity: | ? |
Associated revisions
Fixing security issue when downloading a document see #2722, adding check_abs + making more restrict the Document::is_visible function
Adding trailing slash see #2722
Adding check_abs_path when using the DocumentManager::file_send_for_download to prevent downloading unwanted files see #2722
History
#1
Updated by Julio Montoya over 7 years ago
- % Done changed from 0 to 50
#2
Updated by Julio Montoya over 7 years ago
I found more problems when using the DocumentManager::file_send_for_download see
#3
Updated by Julio Montoya over 7 years ago
- % Done changed from 50 to 70
There is also a problem with exercice/Hpdownload.php and work/download.php that is already fixed with the previous commit
#4
Updated by Julio Montoya over 7 years ago
- Status changed from Assigned to Needs more info
#5
Updated by Julio Montoya about 7 years ago
- Status changed from Needs more info to Feature implemented
- % Done changed from 70 to 100