  1. Plugins
  2. CONTRIB-5970

tele-TASK: multiple issues with upload.php file

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 2.9.3
    • Component/s: Module: tele-TASK
    • Labels:
      None
    • Plugin Version:
      2015100601
    • Affected Branches:
      MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE

      Description

      As I can see, at the moment the file upload.php contains several serious and security-related issues.

      • Completely inappropriate way of uploading files to Moodle (to the dirroot)
      • No access control
      • No validation / sanitization of the user input (e.g. $_REQUEST["name"] containing paths with ../../../.. etc., allowing traversal)

      This is an unacceptable way of uploading files to Moodle. Let me suggest sticking with the standard forms and repository APIs for things like this.
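
The input-validation point in the report, as an added example that is not part of the original issue and not code from the tele-TASK plugin: it contrasts using a request-supplied name directly as a path component with accepting only a bare, allow-listed file name and confirming the result stays inside the upload directory. The function names, the upload directory and the sample names are constructed for illustration; access control and storage through Moodle's own file APIs are outside what it shows.

```php
<?php
// Added example: hypothetical helpers, constructed sample inputs.

/** The pattern the report warns about: request value used as-is in a path. */
function naive_target(string $basedir, string $name): string {
    return $basedir . '/' . $name;
}

/** Resolve "." and ".." lexically, without touching the filesystem. */
function normalize_path(string $path): string {
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return '/' . implode('/', $parts);
}

/** Return the target path for an acceptable name, or null to reject it. */
function safe_target(string $basedir, string $name): ?string {
    // Allow-list: bare file name, no separators, no leading dot.
    if (strlen($name) > 255 || !preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name)) {
        return null;
    }
    // Defence in depth: the resolved path must still sit under the base.
    $base = rtrim(normalize_path($basedir), '/') . '/';
    $target = normalize_path($basedir . '/' . $name);
    return strncmp($target, $base, strlen($base)) === 0 ? $target : null;
}

$uploaddir = '/var/moodledata/temp/teletask'; // constructed; outside the web root
$samples = ['lecture01.mp4', '../../../../config.php', 'sub/dir/video.mp4',
            '..\\..\\version.php', '.htaccess'];

foreach ($samples as $name) {
    $naive = normalize_path(naive_target($uploaddir, $name));
    $safe = safe_target($uploaddir, $name);
    printf("%-24s naive=%-44s safe=%s\n", $name, $naive, $safe ?? 'REJECTED');
}
```

The `naive` column shows where the unchecked name would resolve, which is how a reviewer can confirm that a given name leaves the intended directory.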

            People

            Assignee:
            martin.malchow Martin Malchow
            Reporter:
            mudrd8mz David Mudrák (@mudrd8mz)

              Dates

              Fix Release Date:
              9/Nov/15