MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002503ATutorContentpublic2006-06-09 09:482006-06-12 10:53
Reporteruser2 
Assigned Touser2 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version1.5.3 
Summary0002503: exporting content files
Descriptionexporting a content page which came from a content package and links to a FM file using a relative path ( ../path/image.gif ) does not include those files in the exported package.

paths that start with / or .. are ignored when retrieving files from the content directory to include in the CP, for security reasons. removing that check would allow anyone to link to any file and export the page to retrieve that file. (ims_template.inc.php : 107 )

need a better way to check if a file is in the content directory with a relative path: see previous comments regarding FM security.
TagsNo tags attached.
Affects versionSVN
SVN Revision#
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2006-06-09 09:48 user2 New Issue
2006-06-09 09:48 user2 Affects version => SVN
2006-06-09 09:48 user2 Description Updated
2006-06-12 07:36 user2 Status new => resolved
2006-06-12 07:36 user2 Fixed in Version => 1.5.3
2006-06-12 07:36 user2 Resolution open => fixed
2006-06-12 07:36 user2 Assigned To => user2
2006-06-12 10:53 user2 Status resolved => closed


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker