- security: A problem was discovered and fixed in which users could email executable attachments to a collaboration system and then when viewed online, could execute them.
parent
1fb383ec73
commit
943e220508
2 changed files with 7 additions and 3 deletions
|
|
@ -1,4 +1,5 @@
|
||||||
7.6.5
|
7.6.5
|
||||||
|
- security: A problem was discovered and fixed in which users could email executable attachments to a collaboration system and then when viewed online, could execute them.
|
||||||
- fixed #8800: Errors in POD of Asset-related mix-in modules (Bernd Kalbfuß-Zimmermann)
|
- fixed #8800: Errors in POD of Asset-related mix-in modules (Bernd Kalbfuß-Zimmermann)
|
||||||
- fixed: Products imported into the Shelf have bad URLs
|
- fixed: Products imported into the Shelf have bad URLs
|
||||||
- Deprecated WebGUI::Storage::Image. WebGUI::Storage can now do everything WebGUI::Storage::Image can do.
|
- Deprecated WebGUI::Storage::Image. WebGUI::Storage can now do everything WebGUI::Storage::Image can do.
|
||||||
|
|
|
||||||
|
|
@ -365,9 +365,12 @@ The content to write to the file.
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
sub addFileFromScalar {
|
sub addFileFromScalar {
|
||||||
my $self = shift;
|
my ($self, $filename, $content) = @_;
|
||||||
my $filename = $self->session->url->makeCompliant(shift);
|
if (isIn($self->getFileExtension($filename), qw(pl perl sh cgi php asp html htm))) { # make us safe from malicious uploads
|
||||||
my $content = shift;
|
$filename =~ s/\./\_/g;
|
||||||
|
$filename .= ".txt";
|
||||||
|
}
|
||||||
|
$filename = $self->session->url->makeCompliant($filename);
|
||||||
if (open(my $FILE, ">", $self->getPath($filename))) {
|
if (open(my $FILE, ">", $self->getPath($filename))) {
|
||||||
print $FILE $content;
|
print $FILE $content;
|
||||||
close($FILE);
|
close($FILE);
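Review bot: The extension test in addFileFromScalar runs on the caller-supplied name before `makeCompliant` normalises it, so the name that is checked is not necessarily the name that gets written, and the rename to `.txt` could be skipped if normalisation alters the tail of the name. Moving `$filename = $self->session->url->makeCompliant($filename);` above the `if` and testing `lc $self->getFileExtension($filename)` would make the check apply to the final name; whether getFileExtension already lower-cases is not visible here. The list `qw(pl perl sh cgi php asp html htm)` is a denylist, so any other extension that the web server maps to a handler or that a browser renders as active content still passes; an allowlist of the attachment types the collaboration system needs, or serving stored files with a forced `Content-Disposition: attachment`, would hold up better. The diffstat shows this as the only code hunk in the commit, so other Storage methods that add files, if there are any, do not get the same check. The sub's body continues outside the hunk.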
|
||||||
|
|
|
||||||