Small Security Issue
This plugin doesn't check whether the user is logged in, allowing anybody who has the URL to upload an image.
While this won't lead to a compromise of Vanilla (and uploads with this plugin are anonymous anyway), I think only users that are logged in should be able to upload.
To fix it, change this:

```php
public function PostController_Imageupload_create() {
    $Session = Gdn::Session();
    // Stop here unless the request carries a valid signed-in session
    if (!$Session->IsValid()) return;
    // ... the existing upload handling continues unchanged
}
```
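The shape of the problem and of the fix, side by side, as an added example that is not the ImageUpload plugin's own code or the poster's. It assumes Vanilla 2.x conventions: a `PostController_<Name>_Create($Sender)` plugin hook is exposed as the URL `/post/<name>`, `Gdn::Session()->IsValid()` tells you whether the caller is signed in, `Gdn_Controller::Permission()` throws when a permission is missing, and `PermissionException()` and `Gdn::Request()->IsPostBack()` exist as in that release; the class name, the `Garden.SignIn.Allow` reuse and the `SaveUpload` helper are illustrative choices, not the plugin's.

```php
<?php
// Added illustration of the thread's point; not the ImageUpload plugin's code.
// Assumes Vanilla 2.x: Gdn::Session(), Gdn_Controller::Permission(),
// PermissionException(), Gdn::Request()->IsPostBack(). Everything else
// (class name, permission choice, upload helper) is an illustrative assumption.

class ImageUploadExamplePlugin extends Gdn_Plugin {

    // Vulnerable shape: reachable at /post/imageuploadvulnerable by anyone who
    // knows the URL. Nothing here asks who the caller is, so "guests can't
    // post" is irrelevant: this endpoint is separate from the posting form.
    public function PostController_ImageuploadVulnerable_Create($Sender) {
        $this->SaveUpload();
    }

    // Hardened shape: decide before any bytes touch the disk.
    public function PostController_Imageupload_Create($Sender) {
        $Session = Gdn::Session();
        if (!$Session->IsValid()) {
            // Deny explicitly instead of a bare `return`, which would still
            // answer 200 with an empty body and hide the refusal from logs.
            throw PermissionException('Garden.SignIn.Allow');
        }
        // Assumption: reuse the permission Vanilla already gates signed-in
        // posting on, so an account that cannot post cannot upload either.
        $Sender->Permission('Garden.SignIn.Allow');
        // Only a real form submission should reach the upload code, not a
        // crafted GET to the URL.
        if (!Gdn::Request()->IsPostBack()) {
            throw new Exception('Upload requires a POST', 405);
        }
        $this->SaveUpload();
    }

    // Minimal upload handling in plain PHP (illustrative, not the plugin's):
    // verify the file really came from this request, check the type by
    // content rather than by the client-supplied name, and move it under a
    // server-chosen name so the caller cannot pick the path.
    private function SaveUpload() {
        if (!isset($_FILES['image']) || $_FILES['image']['error'] !== UPLOAD_ERR_OK) {
            throw new Exception('No usable upload', 400);
        }
        $Tmp = $_FILES['image']['tmp_name'];
        if (!is_uploaded_file($Tmp)) {
            throw new Exception('Not an uploaded file', 400);
        }
        $Finfo = new finfo(FILEINFO_MIME_TYPE);
        $Allowed = array('image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif');
        $Mime = $Finfo->file($Tmp);
        if (!isset($Allowed[$Mime])) {
            throw new Exception('Unsupported image type', 415);
        }
        // Assumption: PATH_UPLOADS is Vanilla's upload directory constant.
        $Target = PATH_UPLOADS . '/' . bin2hex(random_bytes(16)) . '.' . $Allowed[$Mime];
        if (!move_uploaded_file($Tmp, $Target)) {
            throw new Exception('Could not store upload', 500);
        }
    }
}
```

The session check alone is what the post proposes; the permission check and the POST-only gate are the two extra layers a reviewer would normally ask for on any state-changing endpoint that a plugin hook exposes by URL.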
6 Comments
@Bleistivt But if guests can't post, how can they exploit this?
@whu606 That endpoint is separate from the posting mechanism. You don't need to be creating a post to upload a file to the server.
Ah!
I bow to your wisdom, o code Yoda
Everything's coming up Milhouse.