
files: Verify files attached to a FileUploadField #2618

Merged
merged 1 commit into from Oct 5, 2015

Conversation

greezybacon
Contributor

This fixes a security issue where, by crafting a special POST request to the client open.php page, an (unauthenticated) user could get a URL link to access any attachment already uploaded in the system by guessing or brute-forcing the file's ID number.

This patch addresses the issue by registering the uploaded file's ID in the current user's session. When processing the list of file IDs attached to the FileUploadField, the files must already have been attached to the field or have been newly attached in the current session.

Fixes #2615

References:
"Security issue - Download attachments submitted by others"
#2615
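The check the pull request describes, written out as an added example in PHP (this is not osTicket's code; the function names, the `uploaded_files` session key and the `attachments` field name are assumptions chosen for illustration). The unchecked variant shows the failure mode: every id in the POST body is trusted, so a client can name a file id it never uploaded. The checked variant keeps an id only if the field already held it or the current session uploaded it, and reports everything else so the caller can log the rejection.

```php
<?php
// Added example, not osTicket's code. Names below are hypothetical; the session
// is passed in as an array so the functions can be exercised without $_SESSION.

// Record a freshly uploaded file id against the field in the caller's session,
// so a later form submission can prove this client is the one who uploaded it.
function registerUploadedFile(array &$session, string $fieldName, int $fileId): void
{
    $session['uploaded_files'][$fieldName][] = $fileId;
}

// Vulnerable variant: trusts every id in the POST body. A client could submit
// ids it never uploaded and have them attached to its own ticket, obtaining a
// download link for someone else's attachment.
function attachFilesUnchecked(array $postedIds, array $alreadyAttached): array
{
    $ids = array_merge($alreadyAttached, array_map('intval', $postedIds));
    return array_values(array_unique($ids));
}

// Hardened variant (the approach the pull request describes): an id is kept only
// if it was already attached to this field, or was uploaded for this field in
// the current session. Anything else is dropped and reported via $rejected.
function attachFilesChecked(
    array $postedIds,
    array $alreadyAttached,
    array $session,
    string $fieldName,
    array &$rejected = []
): array {
    $allowed = array_flip(array_merge(
        $alreadyAttached,
        $session['uploaded_files'][$fieldName] ?? []
    ));
    $kept = [];
    foreach ($postedIds as $raw) {
        $id = (int) $raw;
        if (isset($allowed[$id])) {
            $kept[$id] = true;   // keyed by id, so duplicates collapse
        } else {
            $rejected[] = $id;   // candidate for an audit log entry
        }
    }
    return array_keys($kept);
}

// Constructed demo values: this session uploaded file 41, file 12 was attached
// to the field in an earlier step, and file 7 belongs to another user.
$session = [];
registerUploadedFile($session, 'attachments', 41);
$posted = ['41', '7', '12'];

$rejected = [];
$kept = attachFilesChecked($posted, [12], $session, 'attachments', $rejected);
printf("checked   kept: %s  rejected: %s\n", implode(',', $kept), implode(',', $rejected));
printf("unchecked kept: %s\n", implode(',', attachFilesUnchecked($posted, [12])));
```

The rejected list is worth logging: a submission naming file ids the session never uploaded is exactly the enumeration pattern the original issue describes, and a count of rejections per client is a cheap detection signal.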

greezybacon changed the title from "files: Only allow files uploaded in this session" to "files: Verify files attached to a FileUploadField" on Oct 3, 2015
protich added a commit that referenced this pull request Oct 5, 2015
files: Verify files attached to a FileUploadField

Reviewed-By: Peter Rotich <peter@osticket.com>
@protich protich merged commit f9ac032 into osTicket:develop Oct 5, 2015
Security issue - Download attachments submitted by others
2 participants