fix exploit #261
Closed
fix exploit #261
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
We are aware of this and have a patch for next version |
wilsonge
pushed a commit
to wilsonge/joomla-cms
that referenced
this pull request
Sep 5, 2014
Fix parse function being public in JUri
dneukirchen
pushed a commit
to dneukirchen/joomla-cms
that referenced
this pull request
Sep 28, 2017
* Update Api.php Pull Request for Issue joomla#230 . Summary of Changes when an uploaded file has spaces it is replace by a underscore (same way for folder creation). It was done by: 1. moving 'getSafeName' function from the model Api.php to the controller Api.ph 2. Call 'getSafeName' in the controller API in two places: (a) creation of a file or directory, and (b) uploading a new image 3. remove the call of 'getSafeName' in the model Testing Instructions try to upload several files with different special characters like spaces, dashes etc. Expected result 1. Uploaded file and no 403 error Actual result I made some tests in "old Joomla (3.7.2), before my changes and after it and swa the following: 1. filename with english latters and one or more spaces - "old": an error - "Unable to create folder. Folder name must only contain alphanumeric characters and no spaces." - J4 before the change - 403 - J4 after the change - all spaces are replaced with '_' 2. file name with special charcter (e.g. Hebrew) - "old": an error - "Unable to create folder. Folder name must only contain alphanumeric characters and no spaces." - J4 before the change - nothing happens - J4 after the change - nothing happens 3. directory name with spaces - "old": an error - "Unable to create folder. Folder name must only contain alphanumeric characters and no spaces." - J4 before the change - all spaces are replaced with '_' - J4 after the change - all spaces are replaced with '_' 4. directory with special charcter (e.g. Hebrew) - "old": an error - "Unable to create folder. Folder name must only contain alphanumeric characters and no spaces." - J4 before the change - nothing happens - J4 after the change - nothing happens * code style error
bembelimen
pushed a commit
to bembelimen/joomla-cms
that referenced
this pull request
Jul 15, 2019
Responsive header for install template
richard67
pushed a commit
to richard67/joomla-cms
that referenced
this pull request
Apr 3, 2020
…-sql Clean up one more SQL file - most important one - from patchtester chain
richard67
pushed a commit
to richard67/joomla-cms
that referenced
this pull request
Nov 30, 2020
* 🎨 code style * 💄 px => (r)em * 🎨 code style * 🐛 fix chevron on mm-toggle-nolink * 🐛 fix chevron on mm-toggle-nolink * prevent > 4 nested depth
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
http://secunia.com/advisories/49678/