[savannah-help-public] [sr #109422] Temporary upload (/register/upload.p

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[savannah-help-public] [sr #109422] Temporary upload (/register/upload.p

From:	Dom Walden
Subject:	[savannah-help-public] [sr #109422] Temporary upload (/register/upload.php) can overwrite another user's file if filename is the same
Date:	Mon, 27 Nov 2017 15:36:18 -0500 (EST)
User-agent:	Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

URL:
  <http://savannah.gnu.org/support/?109422>

                 Summary: Temporary upload (/register/upload.php) can
overwrite another user's file if filename is the same
                 Project: Savannah Administration
            Submitted by: drw
            Submitted on: Mon 27 Nov 2017 08:36:16 PM UTC
                Category: Savannah trackers - bugs, tasks, etc.
                Priority: 5 - Normal
                Severity: 6 - Security
                  Status: None
             Assigned to: None
        Originator Email: 
        Operating System: GNU/Linux
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

_Problem_

Uploading a file via /register/upload.php will overwrite a file of the same
name in $GLOBALS['sys_upload_dir'] (on mine /var/www/submissions_uploads/).

I have reproduced this on my system (details below) with two different users,
each uploading a file with the same filename but different contents. I checked
that the file's size and contents in /var/www/submissions_uploads/ had changed
between the two uploads.

_Potential Solutions_

Checking online, PHP's move_uploaded_file() apparently will overwrite files.
Perhaps check whether a file already exists of the same name, and change the
name of the newly uploaded file (perhaps add a unique identifier). Inform the
user of the changed filename (obviously).

_My System and Savane Version_

savane version: git commit af1d2bb2918e48bc1d8c5df244872566f9f81ec7 (Thu Sep
28 10:54:57 2017 +0000)

I am running savane in a docker (version 1.6.2) container on my Debian Jessie
machine. The docker container is based on a Debian Jessie image. Otherwise,
setup was taken from
https://savannah.gnu.org/maintenance/RunningSavaneLocally/ (my MySQL server
runs on another local docker container).




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?109422>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[savannah-help-public] [sr #109422] Temporary upload (/register/upload.php) can overwrite another user's file if filename is the same, Dom Walden <=

Prev by Date: [savannah-help-public] [sr #109392] CVS access for web pages failed
Next by Date: [savannah-help-public] [sr #109423] Non-BMP characters truncate comments
Previous by thread: [savannah-help-public] [sr #109392] CVS access for web pages failed
Next by thread: [savannah-help-public] [sr #109423] Non-BMP characters truncate comments
Index(es):
- Date
- Thread