Stop duplicate flags in templatedetails.extra_flags + security fix to website_code/php/properties/delete_file_template.php #57
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…itrary file (SECURITY FIX)
|
Try and improve security around website_code/php/properties/delete_file_template.php - so at least only logged in users can delete arbitrary files off the webserver. Note - I've had trouble duplicating / triggering this code - and it probably needs more work still - but this change should be better than nothing. File deletion seemed to happen nearly randomly to me. I'm assuming it's called from the flash LO editor. $_POST['path'] really needs checking/filtering (i.e. stop it containing ../ and so on). |
DavidGoodwin
changed the title
…nam to create zip in temporary directory and not in CWD.
…n array instead); document function
…eak the file download/name header
…e_code/php/properties/properties_template.php)
…ith zip file creation; use tempnam() for tmp file
|
Fixes memory issue with template exporting - by using the inbuilt PHP zip extension if it's available. If the php zip extension isn't available, zip file creation should occur as before. |
torinfo
added a commit
that referenced
this pull request
May 13, 2014
Stop duplicate flags in templatedetails.extra_flags + security fix to website_code/php/properties/delete_file_template.php
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Improve the storing of new extra_flags (e.g. changing the template from flash to javascript).
This change stops duplicate keys.