Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SECURITY FIX] filemanager file extensions #7745

Merged
merged 2 commits into from Feb 26, 2019

Conversation

Projects
None yet
2 participants
@JarJak
Copy link
Member

JarJak commented Feb 26, 2019

A logged in user could rename previosly uploaded file to any extension. Uploading malicious file and changing it's extension to .php could lead to remote code execution.

Now files can be renamed only to extensions that are allowed for upload.

JarJak and others added some commits Feb 21, 2019

Jarek Jakubowski
@bobdenotter
Copy link
Member

bobdenotter left a comment

🚀

@JarJak JarJak merged commit 6d3a10f into bolt:3.6 Feb 26, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@JarJak JarJak changed the title Fix filemanager file extensions [SECUTIRY FIX] filemanager file extensions Feb 26, 2019

@JarJak JarJak changed the title [SECUTIRY FIX] filemanager file extensions [SECURITY FIX] filemanager file extensions Feb 26, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.