-
Jared Hancock authored
This fixes a security issue where, by crafting a special POST request to the client open.php page, an (unauthenticated) user could get a URL link to access to any attachment already uploaded in the system by guessing or brute-forcing the file's ID number. This patch addresses the issue by registering the uploaded file's ID in the current user's session. When processing the list of file ID's attached to the FileUploadField, the files must already have been attached to the field or have been newly attached in the current session. Fixes #2615 References: "Security issue - Download attachments submitted by others" https://github.com/osTicket/osTicket-1.8/issues/2615
Jared Hancock authoredThis fixes a security issue where, by crafting a special POST request to the client open.php page, an (unauthenticated) user could get a URL link to access to any attachment already uploaded in the system by guessing or brute-forcing the file's ID number. This patch addresses the issue by registering the uploaded file's ID in the current user's session. When processing the list of file ID's attached to the FileUploadField, the files must already have been attached to the field or have been newly attached in the current session. Fixes #2615 References: "Security issue - Download attachments submitted by others" https://github.com/osTicket/osTicket-1.8/issues/2615
