I've noticed that you're using the full path of the tempfile in the confirmation form.
While it would be hard to take advantage of this, it allows an attacker to try to read
and parse files by modifying the value of the hidden form field.
What I would propose is to use only the basename of the tempfile instead of the
full path, and then read it like this in the views:
Thanks for the report. This is a valid issue and should be addressed ASAP, even if, as you say, it would be difficult to take advantage of it.
Besides using only the basename in the field, it should also be checked that the absolute path of the joined temp file starts with the tempdir path, for cases when the attacker changes the field value so it includes "../", etc.
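One way to implement the two checks described in this thread (the hidden field carries a bare basename only, and the rebuilt path must stay inside the temp directory), as an added example that is not the project's own code; the function names and the use of `tempfile.gettempdir()` as the default directory are assumptions:

```python
import os
import tempfile


class InvalidTempfileName(ValueError):
    """Raised when the hidden-field value does not resolve to a file inside tempdir."""


def resolve_confirmation_tempfile(field_value, tempdir=None):
    """Rebuild the temp file path from the basename posted back by the confirmation form.

    Only a bare file name is accepted; the joined path is then resolved and
    required to lie inside tempdir, so values such as "../etc/passwd",
    "/etc/passwd" or ".." are rejected before anything is opened.
    (Hypothetical helper; tempdir defaults to tempfile.gettempdir() as an assumption.)
    """
    tempdir = os.path.realpath(tempdir or tempfile.gettempdir())
    # First check: the field must hold a bare basename, no separators, no "." / "..".
    if not field_value or os.path.basename(field_value) != field_value:
        raise InvalidTempfileName("not a bare file name: %r" % (field_value,))
    if field_value in (".", ".."):
        raise InvalidTempfileName("refusing directory reference: %r" % (field_value,))
    candidate = os.path.realpath(os.path.join(tempdir, field_value))
    # Second check: the resolved path must start with tempdir plus a separator
    # (the trailing separator stops "/tmp" from matching a sibling like "/tmpfoo").
    if not candidate.startswith(tempdir + os.sep):
        raise InvalidTempfileName("path escapes temp directory: %r" % (field_value,))
    return candidate


def is_safe_tempfile_name(field_value, tempdir=None):
    """Boolean wrapper around resolve_confirmation_tempfile for quick validation."""
    try:
        resolve_confirmation_tempfile(field_value, tempdir)
        return True
    except InvalidTempfileName:
        return False


if __name__ == "__main__":
    # Constructed sample values: one legitimate basename and a few crafted ones.
    for value in ("import-abc123.csv", "../etc/passwd", "/etc/passwd", "..", "sub/x.csv"):
        print("%-20r -> %s" % (value, "accepted" if is_safe_tempfile_name(value) else "rejected"))
```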