Commit 20537408 authored by Jared Hancock

files: Only allow files uploaded in this session

This fixes a security issue where, by crafting a special POST request to the
client open.php page, an (unauthenticated) user could get a URL link to
access any attachment already uploaded in the system by guessing or
brute-forcing the file's ID number.

This patch addresses the issue by registering the uploaded file's ID in the
current user's session. When processing the list of file IDs attached to
the FileUploadField, the files must already have been attached to the field
or have been newly attached in the current session.

Fixes #2615

References:
"Security issue - Download attachments submitted by others"
https://github.com/osTicket/osTicket-1.8/issues/2615
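The check the commit message describes, shown as an added illustration in Python rather than as osTicket's own PHP code: the "before" resolver accepts any existing file ID that a client POSTs, so an attacker can enumerate attachment IDs; the fixed resolver only accepts IDs that were already attached to the field or that this session uploaded itself. The file table, session dictionary, helper names and the brute-force loop are all constructed for the example and are not identifiers from osTicket.

```python
"""Session-scoped allowlist for file IDs attached to a form field.

Added example, not osTicket code. It models the fix described in the
commit message: a file ID submitted by the client is honoured only if it
was already attached to the field or was uploaded in the current session.
"""
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Constructed sample data: every attachment stored server-wide, keyed by a
# small sequential ID (which is exactly what makes brute-forcing cheap).
ALL_FILES: Dict[int, str] = {
    101: "invoice-alice.pdf",
    102: "contract-bob.docx",
    103: "passport-carol.png",
}

SESSION_KEY = "uploaded_files"  # hypothetical session slot name


def vulnerable_resolve(submitted_ids: Iterable[int],
                       already_attached: Iterable[int]) -> List[int]:
    """'Before' behaviour: any ID that exists in storage is accepted.

    The already_attached list is ignored, so a forged POST can reference
    someone else's attachment and the field will happily link to it.
    """
    return [fid for fid in submitted_ids if fid in ALL_FILES]


def register_upload(session: Dict[str, Set[int]], file_id: int) -> None:
    """Record an ID the current session just uploaded (call from the upload handler)."""
    session.setdefault(SESSION_KEY, set()).add(file_id)


def fixed_resolve(session: Dict[str, Set[int]],
                  submitted_ids: Iterable[int],
                  already_attached: Iterable[int]) -> Tuple[List[int], List[int]]:
    """Fixed behaviour: accept an ID only if it is already on the field or
    was uploaded in this session. Returns (accepted, rejected)."""
    allowed = set(already_attached) | session.get(SESSION_KEY, set())
    accepted: List[int] = []
    rejected: List[int] = []
    for fid in submitted_ids:
        # The existence check alone is what the vulnerable version relied on;
        # the allowlist membership is the actual authorization decision.
        if fid in ALL_FILES and fid in allowed:
            accepted.append(fid)
        else:
            rejected.append(fid)
    return accepted, rejected


def brute_force(resolver: Callable[[List[int]], List[int]],
                id_range: Iterable[int]) -> List[int]:
    """Attacker's view: which guessed IDs does the server let us attach?"""
    return resolver(list(id_range))


if __name__ == "__main__":
    guesses = range(100, 110)

    # Unauthenticated attacker with a fresh session, against the old code.
    leaked = brute_force(lambda ids: vulnerable_resolve(ids, []), guesses)
    print("vulnerable: attacker can link", [ALL_FILES[i] for i in leaked])

    # Same attacker against the fixed code: nothing in the session, nothing allowed.
    attacker_session: Dict[str, Set[int]] = {}
    acc, _ = fixed_resolve(attacker_session, list(guesses), [])
    print("fixed: attacker can link", acc)

    # Legitimate user: uploads 103 in this session, field already holds 101.
    user_session: Dict[str, Set[int]] = {}
    register_upload(user_session, 103)
    acc, rej = fixed_resolve(user_session, [101, 102, 103], already_attached=[101])
    print("legit user: accepted", acc, "rejected", rej)
```

The point worth noting for reviewers of similar fixes: the allowlist has to be built from server-side state (the session and the field's existing attachments), never from anything in the POST body, and the `already_attached` set must itself come from the record the user is authorized to edit, or the same enumeration reappears one layer up.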
parent b1c845bf