Don't allow users to change the file extension of photos/movies - gallery3.git - A clone of the Gallery3 code for testing and development.

diff options

author	Bharat Mediratta <bharat@menalto.com>	2009-10-13 10:36:50 -0700
committer	Bharat Mediratta <bharat@menalto.com>	2009-10-13 10:36:50 -0700
commit	0a66ef9cc785fa5fb3614e7664c424d13ff09728 (patch)
tree	a78970b7a87d89d7c3080daa8198423e0d6d7fd5 /modules/server_add/js
parent	b6c1ba7ea6416630b2a44b3df8400a2d48460b0a (diff)

Don't allow users to change the file extension of photos/movies

If you can change the extension, then you can alter the way the server handles the file, which is a security problem. So for example, you can change a .JPG to a .PHP and then if you put some malicious PHP code in the EXIF data, you can get the server to execute it. Vulnerability is low because only users who have edit permissions could do this. Fixes ticket #846

Diffstat (limited to 'modules/server_add/js')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: