[SECURITY FIX] filemanager file extensions #7745

Merged
merged 2 commits into from Feb 26, 2019

@JarJak JarJak commented Feb 26, 2019

A logged-in user could rename a previously uploaded file to any extension. Uploading a malicious file and changing its extension to .php could lead to remote code execution.

Now files can be renamed only to extensions that are allowed for upload.

@bobdenotter bobdenotter left a comment

🚀

@JarJak JarJak merged commit 6d3a10f into bolt:3.6 Feb 26, 2019
@JarJak JarJak changed the title Fix filemanager file extensions [SECUTIRY FIX] filemanager file extensions Feb 26, 2019
@JarJak JarJak changed the title [SECUTIRY FIX] filemanager file extensions [SECURITY FIX] filemanager file extensions Feb 26, 2019
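
An added example (not Bolt's code and not part of this pull request) of the check the description calls for: a rename target is validated against the same extension allowlist that governs uploads. The function name `isRenameAllowed` and the allowlist contents are assumptions, and the handling of case, dotfiles, trailing dots and multi-part suffixes goes beyond what the description states.

```php
<?php
// Added illustration, not Bolt's implementation.
// Constructed sample allowlist; a real application would reuse its upload configuration.
const ALLOWED_UPLOAD_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Return true only if $newName is a plain file name whose extension(s)
 * are all on the upload allowlist.
 */
function isRenameAllowed(string $newName, array $allowed = ALLOWED_UPLOAD_EXTENSIONS): bool
{
    // A rename must stay in the same directory: no separators, no NUL bytes.
    foreach (['/', '\\', "\0"] as $bad) {
        if (strpos($newName, $bad) !== false) {
            return false;
        }
    }
    // Some filesystems drop trailing dots and spaces, so "a.png." must not
    // be judged by an empty final suffix.
    if ($newName === '' || $newName !== rtrim($newName, '. ')) {
        return false;
    }
    // Compare case-insensitively: "PHP" and "php" are the same extension.
    $parts = explode('.', strtolower($newName));
    $stem  = array_shift($parts);
    // Deny names without an extension and dotfiles such as ".htaccess".
    if ($stem === '' || count($parts) === 0) {
        return false;
    }
    // Conservative choice: every dot-separated suffix must be allowlisted,
    // because some server configurations map handlers on inner suffixes.
    // This also denies harmless names like "report.v2.pdf".
    foreach ($parts as $ext) {
        if (!in_array($ext, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample rename targets.
$samples = ['photo.JPG', 'notes.txt', 'avatar.php', 'avatar.php.jpg',
            '.htaccess', 'a.png.', '../x.png'];
foreach ($samples as $name) {
    printf("%-16s %s\n", $name, isRenameAllowed($name) ? 'allow' : 'deny');
}
```

The check belongs on the server in the rename handler itself, so that it applies regardless of what the file manager UI offers.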