Uploaded image for project: 'HTML Form Entry Module'
  1. HTML Form Entry Module
  2. HTML-730

Do not allow loading arbitrary files

    XMLWordPrintable

Details

    • Enhancement
    • Status: Closed
    • Must
    • Resolution: Fixed
    • None
    • HTML Form Entry 3.11.0
    • None
    • Low

    Description

      The HtmlFormFromFileController allows loading classes from files. The files loaded need to be restricted to prevent the loading of possibly harmful files.

      Acceptance Criteria:

      • It should not be possible to load a file via path traversal
      • It should not be possible to load a file via an absolute path

      Gliffy Diagrams

        Attachments

          Activity

            People

              ibacher Ian Bacher
              ibacher Ian Bacher
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: