Ticket #5848 (closed defect: fixed)

Opened 9 months ago

Last modified 9 months ago

Any registered user can upload files in async-upload.php

Reported by: xknown Assigned to: anonymous
Priority: normal Milestone: 2.5
Component: Security Version: 2.5
Severity: normal Keywords:
Cc:

Description

There isn't capability checks in async-upload.php, so any registered user is able to upload files.

Attachments

5848.patch (0.6 kB) - added by xknown on 02/13/08 23:11:41.
check upload_files capability

Change History

02/13/08 23:11:41 changed by xknown

  • attachment 5848.patch added.

check upload_files capability

02/13/08 23:16:11 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [6830]) Add capability check to async-upload. Props xknown. fixes #5848