Uploaded image for project: 'HTML Form Entry Module'
  1. HTML Form Entry Module
  2. HTML-730

Do not allow loading arbitrary files

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Must
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: HTML Form Entry 3.11.0
    • Labels:
      None
    • Complexity:
      Low

      Description

      The HtmlFormFromFileController allows loading classes from files. The files loaded need to be restricted to prevent the loading of possibly harmful files.

      Acceptance Criteria:

      • It should not be possible to load a file via path traversal
      • It should not be possible to load a file via an absolute path

        Attachments

          Activity

            People

            Assignee:
            ibacher Ian Bacher
            Reporter:
            ibacher Ian Bacher
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: