Exploitable Upload method in "UploadController.php" #32
Comments
Hi @rebootcode
Well, the question is not about authentication, the question is about uploadType. You should add allowed file types, as any user can upload "php" or other file types. @youchenlee This is not a question, this is a security issue.
@rebootcode Appreciate your suggestion. It would be great to have a whitelist of available MIME types or file extensions configurations.
…t pdf/docs upload #29 Also remove Session, I don't see why filemanager needs session.
The release 1.3.0-alpha should fix this.
modify delete rules
Hi, there is no file upload validation check here: https://github.com/UniSharp/laravel-filemanager/blob/master/src/controllers/UploadController.php#L40 ?
On given fact, "Upload" can be done with any method "GET|HEAD|POST|PUT|PATCH|DELETE"?
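The allowlist suggested in this thread, as an added example that is not code from laravel-filemanager: a plain-PHP check that accepts POST only, matches the file extension against an allowlist, and verifies the type from the file's bytes. The function name, the constant and the sample files are assumptions made for illustration, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example, not the project's code. All names here are hypothetical.

// Allowlist: extension => MIME types accepted for that extension.
const ALLOWED_UPLOADS = [
    'png' => ['image/png'],
    'gif' => ['image/gif'],
    'pdf' => ['application/pdf'],
];

/**
 * Returns a server-generated file name if the upload is acceptable,
 * or null if it must be rejected.
 */
function checkUpload(string $method, string $clientName, string $tmpPath): ?string
{
    // Uploads change state, so accept POST only.
    if (strtoupper($method) !== 'POST') {
        return null;
    }
    // Use only the final extension of the client-supplied name, lowercased.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_UPLOADS[$ext])) {
        return null;
    }
    // Detect the type from the file's bytes; the client's Content-Type is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_UPLOADS[$ext], true)) {
        return null;
    }
    // Store under a random name so the client never chooses the path or extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a minimal GIF header and a PHP script.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'x';");

var_dump(checkUpload('POST', 'logo.gif', $gif));   // GIF content sent with POST
var_dump(checkUpload('GET', 'logo.gif', $gif));    // same file, GET request
var_dump(checkUpload('POST', 'shell.php', $php));  // extension outside the allowlist
var_dump(checkUpload('POST', 'shell.gif', $php));  // PHP content renamed to .gif
unlink($gif);
unlink($php);
```

Storing accepted files outside the web root, or in a directory where the server does not execute scripts, complements this check.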