Stop duplicate flags in templatedetails.extra_flags + security fix to website_code/php/properties/delete_file_template.php #57
…itrary file (SECURITY FIX)
Try and improve security around website_code/php/properties/delete_file_template.php - so at least only logged-in users can delete arbitrary files off the webserver. Note - I've had trouble duplicating / triggering this code - and it probably needs more work still - but this change should be better than nothing. File deletion seemed to happen nearly randomly to me. I'm assuming it's called from the flash LO editor. $_POST['path'] really needs checking/filtering (i.e. stop it containing ../ and so on).
…nam to create zip in temporary directory and not in CWD.
…n array instead); document function
…eak the file download/name header
…e_code/php/properties/properties_template.php)
…ith zip file creation; use tempnam() for tmp file
Fixes memory issue with template exporting - by using the inbuilt PHP zip extension if it's available. If the php zip extension isn't available, zip file creation should occur as before.
Stop duplicate flags in templatedetails.extra_flags + security fix to website_code/php/properties/delete_file_template.php
Improve the storing of new extra_flags (e.g. changing the template from flash to javascript).
This change stops duplicate keys.
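
The first commit message above notes that `$_POST['path']` in delete_file_template.php still needs filtering against `../`. One way to do that containment check is sketched below as an added example; it is not code from this pull request or the project. The function name `resolve_deletable_path`, the idea of a per-user base directory, and the demo directory layout are assumptions, and the sample files are constructed in a temporary directory.

```php
<?php
// Added example, not the project's code. Assumes the request path is meant to
// be relative to a directory ($baseDir) that the logged-in user owns.

/**
 * Return the canonical path of $requested if it is an existing regular file
 * inside $baseDir, or null if the request must be refused.
 */
function resolve_deletable_path(string $baseDir, string $requested): ?string
{
    // Refuse empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ segments and follows symlinks; it returns
    // false when the target does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "media-other" does not pass as being inside "media".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'deldemo_' . bin2hex(random_bytes(4));
mkdir($root . '/user1/media', 0700, true);
mkdir($root . '/user1/media-other', 0700, true);
file_put_contents($root . '/user1/media/pic.png', 'x');
file_put_contents($root . '/user1/media-other/keep.txt', 'x');
file_put_contents($root . '/secret.txt', 'x');

$base = $root . '/user1/media';
$samples = ['pic.png', '../../secret.txt', '../media-other/keep.txt', 'missing.png', "pic.png\0.txt"];
foreach ($samples as $p) {
    $ok = resolve_deletable_path($base, $p);
    printf("%-30s => %s\n", json_encode($p), $ok === null ? 'refused' : 'allowed');
}
```

A caller would pass only the returned canonical path to `unlink()`, and only after the login check this pull request adds has succeeded.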