Skip to content
Snippets Groups Projects
Commit fdad9239 authored by Peter Rotich's avatar Peter Rotich
Browse files

Always force server-side attachments validation

osTicket supports filtering allowable files on the client-side via JS as
well as server-side on upload.

Ajax based upload skipped server-side validation with the assumption that
the client already validated the file upload. For most cases this is a valid
assumption (ajax only works if JS is enabled) but fails to account for cases
where HTTP requests is intercepted and changed on transit or the request is
posted directly to the ajax interface.

This commit forces server-side file upload validation.
parent a4668e2e
No related branches found
No related tags found
No related merge requests found
......@@ -358,7 +358,7 @@ class DynamicFormsAjaxAPI extends AjaxController {
function attach() {
$field = new FileUploadField();
return JsonDataEncoder::encode(
array('id'=>$field->ajaxUpload(true))
array('id'=>$field->ajaxUpload())
);
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment