MantisBT - ATutor
View Issue Details
0002503ATutorContentpublic2006-06-09 09:482006-06-12 10:53
user2 
user2 
normalmajoralways
closedfixed 
 
1.5.3 
SVN
0002503: exporting content files
exporting a content page which came from a content package and links to a FM file using a relative path ( ../path/image.gif ) does not include those files in the exported package.

paths that start with / or .. are ignored when retrieving files from the content directory to include in the CP, for security reasons. removing that check would allow anyone to link to any file and export the page to retrieve that file. (ims_template.inc.php : 107 )

need a better way to check if a file is in the content directory with a relative path: see previous comments regarding FM security.
No tags attached.
Issue History
2006-06-09 09:48user2New Issue
2006-06-09 09:48user2Affects version => SVN
2006-06-09 09:48user2Description Updated
2006-06-12 07:36user2Statusnew => resolved
2006-06-12 07:36user2Fixed in Version => 1.5.3
2006-06-12 07:36user2Resolutionopen => fixed
2006-06-12 07:36user2Assigned To => user2
2006-06-12 10:53user2Statusresolved => closed

There are no notes attached to this issue.