Bug #2722

Fixing security problems when downloading documents

Added by Julio Montoya over 6 years ago. Updated about 6 years ago.

Status:Feature implementedStart date:02/02/2011
Priority:UrgentDue date:
Assignee:Julio Montoya% Done:

100%

Category:-Spent time:-
Target version:1.8.8 stable
Complexity:Challenging SCRUM pts - complexity:?

Associated revisions

Revision 37eee0ff
Added by Julio Montoya over 6 years ago

Fixing security issue when downloading a document see #2722, adding check_abs + making more restrict the Document::is_visible function

Revision cd31a9aa
Added by Julio Montoya over 6 years ago

Adding trailing slash see #2722

Revision 09b7f334
Added by Julio Montoya over 6 years ago

Adding check_abs_path when using the DocumentManager::file_send_for_download to prevent downloading unwanted files see #2722

History

#2 Updated by Julio Montoya over 6 years ago

I found more problems when using the DocumentManager::file_send_for_download see

http://code.google.com/p/chamilo/source/detail?r=f2254d813f3a44a0a1b1717876b3c81df72a6879&repo=classic

#3 Updated by Julio Montoya over 6 years ago

  • % Done changed from 50 to 70

There is also a problem with exercice/Hpdownload.php and work/download.php that is already fixed with the previous commit

#4 Updated by Julio Montoya over 6 years ago

  • Status changed from Assigned to Needs more info

#5 Updated by Julio Montoya about 6 years ago

  • Status changed from Needs more info to Feature implemented
  • % Done changed from 70 to 100

Also available in: Atom PDF