Changeset 111687 in spip-zone


Ignore:
Timestamp:
Sep 26, 2018, 9:38:38 AM (7 months ago)
Author:
cedric@…
Message:

https://core.spip.net/issues/4173 : ne pas permettre d'acceder a des URLs locales du serveur via l'upload de documents distants

Location:
_core_/plugins/medias
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • _core_/plugins/medias/inc/joindre_document.php

    r109752 r111687  
    8181                        return _T('medias:erreur_indiquez_un_fichier');
    8282                }
     83                include_spip('inc/distant');
     84                if (!valider_url_distante($path)) {
     85                        return _T('medias:erreur_upload_type_interdit', array('nom' => $path));
     86                }
    8387                include_spip('action/ajouter_documents');
    8488                $infos = renseigner_source_distante($path);
  • _core_/plugins/medias/paquet.xml

    r110555 r111687  
    22        prefix="medias"
    33        categorie="multimedia"
    4         version="2.21.13"
     4        version="2.21.14"
    55        etat="stable"
    66        compatibilite="[3.3.0-dev;3.3.*]"
Note: See TracChangeset for help on using the changeset viewer.