  1. Plugins
  2. CONTRIB-5970

tele-TASK: multiple issues with upload.php file


    • Bug
    • Resolution: Fixed
    • Minor
    • 2.9.3
    • 2.9.2
    • Module: tele-TASK
    • None
    • 2015100601
    • MOODLE_29_STABLE
    • MOODLE_29_STABLE

      As far as I can see, the file upload.php currently contains several serious and security-related issues.

      • Completely inappropriate way of uploading files to Moodle (to the dirroot)
      • No access control
      • No validation / sanitization of the user input (e.g. $_REQUEST["name"] containing paths with ../../../.. etc., allowing traversal)

      This is an unacceptable way of uploading files to Moodle. Let me suggest sticking with the standard forms and repository APIs for things like this.

            martin.malchow Martin Malchow
            mudrd8mz David Mudrák (@mudrd8mz)
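
A minimal sketch of the file-name check the report says is missing, as an added example (plain PHP, not tele-TASK or Moodle code): the function name, the extension allow-list and the sample names are assumptions made for illustration. Inside Moodle, the standard forms and File API named in the report would take the place of a hand-written handler, with require_login() and require_capability() called before any input is read.

```php
<?php
// Added example: every name below is hypothetical, sample inputs are constructed.

/**
 * Map a client-supplied upload name to a path inside $storagedir.
 * $storagedir is assumed to live outside the web root (not under dirroot).
 */
function safe_upload_path(string $storagedir, string $clientname,
                          array $allowedext = ['mp4', 'zip']): string {
    // Refuse separators and NUL bytes outright rather than rewriting them,
    // so "../../config.php" is rejected and logged, not quietly "repaired".
    if ($clientname === '' || preg_match('#[/\\\\\x00]#', $clientname)) {
        throw new InvalidArgumentException('path separators are not allowed');
    }
    // Allow-list the characters; the first one must be alphanumeric, which
    // also rules out "..", ".htaccess" and other dot-files.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\z/', $clientname)) {
        throw new InvalidArgumentException('unexpected characters in file name');
    }
    // Only accept extensions the feature actually needs (assumed list).
    $ext = strtolower(pathinfo($clientname, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedext, true)) {
        throw new InvalidArgumentException('file type is not allowed');
    }
    // Resolve the storage directory and confirm the target stays inside it.
    $base = realpath($storagedir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('storage directory is missing');
    }
    $target = $base . DIRECTORY_SEPARATOR . $clientname;
    if (dirname($target) !== $base) {
        throw new InvalidArgumentException('target escapes the storage directory');
    }
    return $target;
}

// Constructed inputs: one legitimate name and the kinds of value the report warns about.
$samples = ['lecture01.mp4', '../../../../config.php', '..\\evil.php', '.htaccess', 'shell.php'];
foreach ($samples as $name) {
    try {
        echo $name, ' => ', safe_upload_path(sys_get_temp_dir(), $name), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $name, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

In a Moodle plugin the same input would normally be read with required_param('name', PARAM_FILE), which strips path components before the value reaches any file operation.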