Bug #617
Avatar gallery url sanitation
| Status: | Closed | Start: | 12/24/2009 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | Ryan Gordon | % Done: | 100% |
| Category: | - | | |
| Target version: | - | | |
| Reproducibility: | Always | Reported In MyBB Version: | 1.4.10 |
Description
Input passed to the "avatar" parameter when changing a user's avatar via the gallery is not sanitized from relative urls ("./" and "../") before being used to check for the existence of files. This could be used to select a file as an avatar outside of the gallery directory.
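The existence check described above, next to a confined version, as an added PHP example that is neither MyBB's code nor the committed fix. It canonicalises the path and checks containment, which may differ from how the changesets sanitize the value; the function names, directory layout and file names are constructed for illustration.

```php
<?php
// Added illustration; not MyBB source. All names and paths are constructed.

// Before: the existence check honours "./" and "../" in the supplied value.
function avatar_exists_unchecked(string $galleryDir, string $avatar): bool
{
    return file_exists($galleryDir . '/' . $avatar);
}

// After: canonicalise, then require the result to be a file inside the gallery.
function resolve_gallery_avatar(string $galleryDir, string $avatar): ?string
{
    $base = realpath($galleryDir);
    if ($base === false || $avatar === '' || strpos($avatar, "\0") !== false) {
        return null;
    }
    $real = realpath($base . DIRECTORY_SEPARATOR . $avatar); // resolves ./, ../ and symlinks
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so "gallery_old" cannot pass as "gallery".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed layout: one gallery image and one file just outside the gallery.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('avatar_demo_');
mkdir($root . '/gallery/animals', 0700, true);
file_put_contents($root . '/gallery/animals/cat.png', 'constructed');
file_put_contents($root . '/outside.txt', 'constructed');

$inputs = ['animals/cat.png', './animals/cat.png', '../outside.txt', 'animals/../../outside.txt'];
foreach ($inputs as $input) {
    printf("%-26s unchecked=%-5s confined=%s\n",
        $input,
        var_export(avatar_exists_unchecked($root . '/gallery', $input), true),
        resolve_gallery_avatar($root . '/gallery', $input) === null ? 'rejected' : 'accepted');
}

// Remove the constructed files.
unlink($root . '/gallery/animals/cat.png');
unlink($root . '/outside.txt');
rmdir($root . '/gallery/animals');
rmdir($root . '/gallery');
rmdir($root);
```

The unchecked function reports all four inputs as existing, while the confined one accepts only the two that resolve to a file under the gallery directory.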
Associated revisions
Fixes Avatar gallery url sanitation (fixes:617)
Fixes Avatar gallery url sanitation (fixes:617)
Fixes Avatar gallery url sanitation (fixes:617)
Fixes Avatar gallery url sanitation (fixes:617)
History
Updated by Ryan Gordon 8 months ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100
Applied in changeset r4651.
Updated by Ryan Gordon 8 months ago
Applied in changeset r4657.
Updated by Ryan Gordon 8 months ago
SQA, I've verified the fix works to patch the issue but please test to make sure there are no other related regressions. Thanks!
Updated by Ryan Gordon 8 months ago
Applied in changeset r4663.
Updated by Ryan Gordon 8 months ago
Applied in changeset r4666.
Updated by Michael Schlechtinger 8 months ago
- Status changed from Resolved to Closed
Updated by Ryan Gordon 8 months ago
- Category changed from User Control Panel to 12
Updated by Ryan Gordon 6 months ago
- Project changed from MyBB to Security Issues
- Category deleted (12)
- Target version deleted (1.4.11)