Fixed a security issue with the site admin file uploader
- as discovered and reported by Egidio Romano of Minded Security - The site admin file upload tool allowed for unrestricted file upload that could lead to RCE - Fixed the file uploader to be much more restrictive - removed the interactive terms file uploadpull/727/head
parent
b097435879
commit
a380458d2e
@ -1408,11 +1408,11 @@ class Server extends AppModel {
'expected' => array(),
'valid_format' => '48x48 pixel .png files',
'path' => APP . 'webroot' . DS . 'img' . DS . 'orgs',
'regex' => '.*\.(png|PNG)',
'regex' => '.*\.(png|PNG)$',
'regex_error' => 'Filename must be in the following format: *.png',
'files' => array(),
),
'terms' => array(
/*'terms' => array(
'name' => 'Terms of Use file',
'description' => 'Terms of use file viewable / downloadable by users. Make sure that it is either in text / html format if served inline.',
'expected' => array('MISP.terms_file' => Configure::read('MISP.terms_file')),
@ -1421,7 +1421,7 @@ class Server extends AppModel {
'regex' => '^(?!empty).*$',
'regex_error' => 'Filename can be any string consisting of characters between a-z, A-Z, 0-9 or one of the following: "_" or "-". The filename can also have an extension.',
'files' => array(),
),
),*/
'img' => array(
'name' => 'Additional image files',
'description' => 'Image files uploaded into this directory can be used for various purposes, such as for the login page logos',
@ -1432,7 +1432,7 @@ class Server extends AppModel {
),
'valid_format' => 'text/html if served inline, anything that conveys the terms of use if served as download',
'path' => APP . 'webroot' . DS . 'img' . DS . 'custom',
'regex' => '.*\.(png|PNG)',
'regex' => '.*\.(png|PNG)$',
'regex_error' => 'Filename must be in the following format: *.png',
'files' => array(),
),
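Review bot: The end anchor added in `'regex' => '.*\.(png|PNG)$'` (first hunk, `orgs` entry; the third hunk makes the same change for the `img` entry) still leaves the filename check loose: a PCRE `$` without the `D` modifier also matches before a trailing newline, and the unanchored `.*` accepts any prefix, including directory separators and other extensions before the final `.png`. If the value is fed to `preg_match` with the filename as-is (how this array is consumed is outside the hunk), a pattern such as `'^[A-Za-z0-9_.-]+\.(png|PNG)\z'` pins both ends to a plain basename; alternatively keep `$` and add the `D` flag where the delimiter is built. A name-based check also says nothing about content, so the upload handler should still verify the file is an image (e.g. via `getimagesize`/finfo) before writing it under `webroot`. Separately, the disabled `terms` entry is kept as a `/* … */` block rather than deleted; git already preserves the history, and the stale block sits directly above the live `img` entry, whose `valid_format` text still describes terms-of-use files.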