Context Navigation

Changeset 982618

Timestamp:

09/06/2014 01:59:47 AM (12 years ago)

Author:

lynton_reed

Message:

fix for reported vulnerability issue where authenticated users could manipulate the accept_file_types parameter to upload php files.

Location:

work-the-flow-file-upload/trunk

Files:

-                      r954893
+                      r982618
 Requires at least: 3.5.1
 Tested up to: 3.9.1
 Stable tag: 2.3.1
+Stable tag: 2.3.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 2.3.2 =
+* Fix for accept_file_types vulnerability where malicious authenticated users could manipulate the allowed upload file types to upload files with .php extensions
 = 2.3.1 =
 * Fix loading of new demo workflow bug.
 …
 == Upgrade Notice ==
+= 2.3.2 =
+* Fix for accept_file_types vulnerability where malicious authenticated users could manipulate the allowed upload file types to upload files with .php extensions
 = 2.3.1 =
 * Fix loading of new demo workflow bug.

r920619	r982618
146	146	$options[$k] = '/\.(' . $v . ')$/i';
147	147	}
	148	$options[$k] = preg_replace("/php/i", "", $options[$k]);
	149	log_me(array($k => $options[$k]));
148	150	break;
149	151	case 'max_number_of_files' :

r954893	r982618
5	5	* Plugin URI: http://wtf-fu.com
6	6	* Description: Front end Html5 File Upload and configurable Workflow steps. Multiple file drag and drop, gallery image display, file reordering and archiving.
7		* Version: 2.3.1
	7	* Version: 2.3.2
8	8	* Author: Lynton Reed
9	9	* Author URI: http://wtf-fu.com

Note: See TracChangeset for help on using the changeset viewer.