Ticket #595 (closed 改善提案: 修正済)

Opened 11 years ago

Last modified 10 years ago

不正なファイルアップロードが行われる可能性

Reported by: nanasess Owned by: nanasess
Priority: Milestone: EC-CUBE2.11.0
Component: 管理画面 Version: 2.4.2
Keywords: Cc:
修正済み:

Description

HTTP POST によって, ファイルアップロードを行う場合は, move_uploaded_file 関数で, 有効なファイルアップロードか検証する必要があります.

 http://jp2.php.net/manual/ja/function.move-uploaded-file.php

Change History

comment:1 Changed 10 years ago by nanasess

  • Milestone changed from EC-CUBE2.5.0beta to EC-CUBE2.5.1(仮)

comment:2 Changed 10 years ago by nanasess

  • Owner changed from somebody to nanasess
  • Status changed from new to assigned
  • Milestone changed from EC-CUBE2.11.1(仮) to EC-CUBE2.11.0

comment:3 Changed 10 years ago by nanasess

  • Status changed from assigned to closed
  • Resolution set to 修正済

r20617 で対応しました

Note: See TracTickets for help on using tickets.