Small Security Issue

This discussion is related to the ImageUpload addon.
Bleistivt MVP
edited August 2014 in Feedback

This plugin doesn't check whether the User is logged in, allowing anybody who has the URL to upload an image.

While this won't lead to a compromise of vanilla (and uploads with this plugin are anonymous anyway), I think only users that are logged in should be able to upload.

To fix it change this:

public function PostController_Imageupload_create()
{
    // Reject anonymous requests: only a valid (logged-in) session may upload.
    $Session = Gdn::Session();
    if (!$Session->IsValid())
        return;

    // ... the plugin's existing upload handling follows here
}

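As an added example (not code from this thread or from the ImageUpload plugin): a small audit script for the bug class reported above. In Vanilla 2.x, a plugin method named `XController_Y_create` registers a public `/x/y` endpoint, and, as Linc notes below, that endpoint is reachable independently of the posting flow, so each such handler needs its own session or permission check. The script flags handlers whose body has none; the plugin source it scans is a constructed sample, not the real plugin.

```python
import re

# Constructed sample of a Vanilla 2.x plugin file (not the real ImageUpload
# plugin): one endpoint handler without a session check, one with.
SAMPLE_PLUGIN = r'''
class ImageUploadPlugin extends Gdn_Plugin {
    public function PostController_Imageupload_create($Sender) {
        $Upload = new Gdn_Upload();
        $Upload->ValidateUpload('Image');
    }
    public function PostController_Imagedelete_create($Sender) {
        $Session = Gdn::Session();
        if (!$Session->IsValid())
            return;
        unlink($Sender->Request->Get('path'));
    }
}
'''

# Any of these inside the handler body is treated as an authorisation gate
# (Gdn_Session::IsValid / CheckPermission, Gdn_Controller::Permission).
AUTH_PATTERNS = (
    r'->IsValid\(\)',
    r'->CheckPermission\(',
    r'->Permission\(',
)

# Magic-method name that Vanilla maps to a public endpoint.
HANDLER_RE = re.compile(r'function\s+(\w+Controller_\w+_[Cc]reate)\s*\(')


def handler_bodies(src):
    """Yield (name, body) for every *Controller_*_create method, by brace matching."""
    for m in HANDLER_RE.finditer(src):
        start = src.index('{', m.end())   # opening brace of the method body
        depth, i = 0, start
        while i < len(src):
            if src[i] == '{':
                depth += 1
            elif src[i] == '}':
                depth -= 1
                if depth == 0:
                    break
            i += 1
        yield m.group(1), src[start:i + 1]


def unguarded_endpoints(src):
    """Names of endpoint handlers whose body contains no recognised auth check."""
    return [name for name, body in handler_bodies(src)
            if not any(re.search(p, body) for p in AUTH_PATTERNS)]
```

Running `unguarded_endpoints(SAMPLE_PLUGIN)` reports only the upload handler; a hit is a candidate for review, not proof of a bug, since a check may live in a helper the regexes do not know about.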

Comments

  • whu606 I'm not a SuperHero; I just like wearing tights... Moderator

    @Bleistivt

    But if guests can't post, how can they exploit this?

  • Linc Director of Development Detroit Vanilla Staff

    @whu606 That endpoint is separate from the posting mechanism. You don't need to be creating a post to upload a file to the server.

  • whu606 I'm not a SuperHero; I just like wearing tights... Moderator
    edited August 2014

    Ah!

    I bow to your wisdom, o code Yoda

  • Linc Director of Development Detroit Vanilla Staff

    Everything's coming up Millhouse.
