-
Type:
Bug Report
-
Status: New
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: File Uploader, Security
-
Labels:None
-
Change Log Group:Changed
-
Change Log Message:The names of uploaded files are now randomized.
-
Story Points:1
-
Copy Issue Key:
-
Patch Instructions:
- add public "\kUploadHelper::randomizeFilename($filename)" method, that will: - 0.5h
- generate random 16 byte string using "SecurityGenerator::generateBytes(8)" method call
- inject it in here "{file_name}_{random_string}.{file_extension}"
- in the "\kUploadHelper::getUploadedFilename" method wrap response with "\kUploadHelper::randomizeFilename" method call - 0.3h
- in the "\kUploadFormatter::_processRegularUploader" method, when file was uploaded (the error is UPLOAD_ERR_OK) but before any validation happens wrap "$value['name']" with "\kUploadHelper::randomizeFilename" method call - 0.2h
Quote: 1h*1.4=1.5h
- mentioned in
-
Page Loading...
