This repository was archived by the owner on Mar 3, 2020. It is now read-only.
Attachment Security Update #590
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Attachments have been moved out of a web accessible direcotry (`/var/www/fbctf/src/data/`) and now reside in `/var/www/fbctf/attachments`. * Attachment downloads are now handled by an endpoint in `/data`: `attachment.php`. * All links to attachments now refer to the correct `attachment.php` endpoint location. * The `tar` command within the Attachment Import function now sets the mode to 600 at time of extraction. * The Attachment Import functionality will no longer change or attempt to change permissions on the current or parent directories. * The Attachment Import functionality will no longer change permissions on any directories, though subdirectories are not supported. * Attachment filenames will no longer be altered, excluding the inclusion of the file hash. * The provision script has been updated to support the new Attachment directory location. * Attachment specific directives are no longer set in the Mult-Server Nginx configuration. * Attachment location information has been updated in the `.gitignore` configuration.
|
|
This was referenced Dec 18, 2017
Closed
Merged
justinwray
added a commit
that referenced
this pull request
Dec 19, 2017
Merge `dev` into `master` Commits: * Merge /master into /dev (#543) (ed0a225) * Brazilian Portuguese Filename Fix (#562) (5e28529) * Spanish translations added (#566) (da4d8d1) * Update index.js (#568) (1a8286b) * Travis-CI to use Docker (#569) (b9822ff) * Make sure that requests are not being generated if an error was generated (#565) (37c43e7) * Ensure /root/tmp exists before writing there (#587) (80da145) * Attachment Security Update (#590) (780071b) * Google OAuth Security Update (#591) (7d782d3) * Major Performance Enhancements and Bug Fixes (#594) (d2659ff) * Upgrade from Ubuntu 14.04 (Trusty) to Ubuntu 16.04 (Xenial) (#601) (4dbbf10) * Merge branch 'dev' into WraySec/fbctf/merge@08d0f52
iliushin-a
pushed a commit
to iliushin-a/fbctf
that referenced
this pull request
May 16, 2018
* Attachment Security Update * Attachments have been moved out of a web accessible direcotry (`/var/www/fbctf/src/data/`) and now reside in `/var/www/fbctf/attachments`. * Attachment downloads are now handled by an endpoint in `/data`: `attachment.php`. * All links to attachments now refer to the correct `attachment.php` endpoint location. * The `tar` command within the Attachment Import function now sets the mode to 600 at time of extraction. * The Attachment Import functionality will no longer change or attempt to change permissions on the current or parent directories. * The Attachment Import functionality will no longer change permissions on any directories, though subdirectories are not supported. * Attachment filenames will no longer be altered, excluding the inclusion of the file hash. * The provision script has been updated to support the new Attachment directory location. * Attachment specific directives are no longer set in the Mult-Server Nginx configuration. * Attachment location information has been updated in the `.gitignore` configuration. * Fixed an issue with the deletion path.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Attachments have been moved out of a web accessible direcotry (
/var/www/fbctf/src/data/) and now reside in/var/www/fbctf/attachments.Attachment downloads are now handled by an endpoint in
/data:attachment.php.All links to attachments now refer to the correct
attachment.phpendpoint location.The
tarcommand within the Attachment Import function now sets the mode to 600 at time of extraction.The Attachment Import functionality will no longer change or attempt to change permissions on the current or parent directories.
The Attachment Import functionality will no longer change permissions on any directories, though subdirectories are not supported.
Attachment filenames will no longer be altered, excluding the inclusion of the file hash.
The provision script has been updated to support the new Attachment directory location.
Attachment specific directives are no longer set in the Mult-Server Nginx configuration.
Attachment location information has been updated in the
.gitignoreconfiguration.