mirror of
https://github.com/JLiscom/OpenNote.git
synced 2026-04-25 08:15:48 +03:00
[GH-ISSUE #12] security problem #12
Originally created by @shel3over on GitHub (Nov 5, 2013).
Original GitHub issue: https://github.com/JLiscom/OpenNote/issues/12
The CKEditor used in the script can be used to upload PHP files, and this can be very dangerous for the website.
You can check the website of the demo & you can find lots of files uploaded there (PHP shells).
@JLiscom commented on GitHub (Nov 6, 2013):
Have you ever known about something and completely forgot it until something went terribly wrong?
Disabled in the demo. In future I won't allow direct access to files.
@shel3over commented on GitHub (Nov 6, 2013):
@FoxUSA if you don't have time to work on it I'm happy to help :)
@JLiscom commented on GitHub (Nov 12, 2013):
I won't stop you from taking a crack at it. I was thinking of creating a db table to track the original file name, and a random file name to be stored on the disk. A PHP script will then be used to retrieve the file from an id. I like this approach because it will also allow me to restrict downloading to the user that uploaded and at some point who the user shares it with.
Or, upload all the files into the database. I am on the fence with that approach.
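One way to implement the first approach described in the comment above (a random name on disk, the original name and owner tracked in a database table, and downloads served by a script that looks the file up by id and checks ownership), as an added example that is not OpenNote's code. The `files` table and its columns, the upload directory, the size limit, the allowed content types and the `$_SESSION['user_id']` wiring are all assumptions for the example; the one property that matters most is that the upload directory sits outside the web root, so nothing stored there can ever be executed as PHP no matter what the file contains.

```php
<?php
// Added example, not OpenNote's code: uploads get a random, extension-less name
// outside the web root, the original name and owner live in a database row, and
// files are served only through serveFile() after an ownership check.
// Table name, columns, paths and limits below are assumptions.

declare(strict_types=1);

const UPLOAD_DIR = '/var/opennote-uploads';   // assumed: outside the web root, never executed by the server
const MAX_BYTES  = 10 * 1024 * 1024;          // assumed size limit

function db(): PDO
{
    // Assumed schema:
    // CREATE TABLE files (id INTEGER PRIMARY KEY AUTOINCREMENT, owner_id INTEGER NOT NULL,
    //   original_name TEXT NOT NULL, stored_name TEXT NOT NULL UNIQUE, mime TEXT NOT NULL);
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite:' . UPLOAD_DIR . '/files.sqlite');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    return $pdo;
}

/**
 * Store one $_FILES entry for the given user and return the new file id.
 * Anything suspicious throws before the file is moved into place.
 */
function storeUpload(array $file, int $ownerId): int
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('rejected');
    }
    // Sniff the real content type; the client-supplied type and the extension are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $allowed = ['image/png', 'image/jpeg', 'image/gif', 'application/pdf', 'text/plain'];
    if (!in_array($mime, $allowed, true)) {
        throw new RuntimeException('type not allowed: ' . $mime);
    }
    // The original name is display metadata only; it never becomes part of a filesystem path.
    $originalName = basename((string) $file['name']);
    // Random, extension-less name on disk: nothing to guess and nothing a web server would run.
    $storedName = bin2hex(random_bytes(16));
    $dest = UPLOAD_DIR . '/' . $storedName;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move file');
    }
    chmod($dest, 0600);

    $stmt = db()->prepare(
        'INSERT INTO files (owner_id, original_name, stored_name, mime) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$ownerId, $originalName, $storedName, $mime]);
    return (int) db()->lastInsertId();
}

/**
 * Serve a file by id to the requesting user; 404 for anything they do not own.
 */
function serveFile(int $fileId, int $requesterId): void
{
    $stmt = db()->prepare('SELECT * FROM files WHERE id = ? AND owner_id = ?');
    $stmt->execute([$fileId, $requesterId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404);   // same answer for "missing" and "not yours"
        exit;
    }
    $path = UPLOAD_DIR . '/' . $row['stored_name'];
    // Always send as a download, never render inline, so a crafted file is not treated as a page.
    $safeName = str_replace(['"', "\r", "\n"], '_', $row['original_name']);
    header('Content-Type: ' . $row['mime']);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

// Wiring (assumed to run behind the app's existing login, which sets $_SESSION['user_id']):
// if (isset($_FILES['upload'])) { echo storeUpload($_FILES['upload'], (int) $_SESSION['user_id']); }
// if (isset($_GET['id']))       { serveFile((int) $_GET['id'], (int) $_SESSION['user_id']); }
```

The ownership condition is part of the SQL `WHERE` clause rather than a check after the fetch, so a file belonging to another user is indistinguishable from one that does not exist; extending sharing later, as the comment mentions, would mean adding a shares table and widening that query rather than adding a second code path.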
@shel3over commented on GitHub (Nov 12, 2013):
@FoxUSA a very nice idea :)
@JLiscom commented on GitHub (Nov 17, 2013):
Support in 13.11.6