- security: A problem was discovered and fixed in which users could email executable attachments to a collaboration system and then when viewed online, could execute them.
This commit is contained in:
JT Smith
parent
1fb383ec73
commit
943e220508
2 changed files with 7 additions and 3 deletions
|
|
@ -365,9 +365,12 @@ The content to write to the file.
|
|||
=cut
|
||||
|
||||
sub addFileFromScalar {
|
||||
my $self = shift;
|
||||
my $filename = $self->session->url->makeCompliant(shift);
|
||||
my $content = shift;
|
||||
my ($self, $filename, $content) = @_;
|
||||
if (isIn($self->getFileExtension($filename), qw(pl perl sh cgi php asp html htm))) { # make us safe from malicious uploads
|
||||
$filename =~ s/\./\_/g;
|
||||
$filename .= ".txt";
|
||||
}
|
||||
$filename = $self->session->url->makeCompliant($filename);
|
||||
if (open(my $FILE, ">", $self->getPath($filename))) {
|
||||
print $FILE $content;
|
||||
close($FILE);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue