• Fix saved file permissions · 2e80c7db
    Hugh Davenport authored
    Bug #1057238
    CVE-2012-2244
    
    Currently, files that are saved by Mahara use the
    directorypermissions config option, which defaults to
    0700, which allows execution.
    
    This allows users to potentially upload files with
    executable bits set, and if they have control of the
    config options pathtoclam, pathtozip, or pathtounzip
    then they could run this command when one of those
    commands is invoked.
    
    This patch bitwise-ANDs the directory permissions
    config with 0666, which removes any executable bit
    and sets the result as a new config option
    filepermissions.
    
    A change to the upload code to use this new option is made.
    
    Change-Id: I088d9873de7797d5a9aefc2401301f8b855ed592
    Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
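An audit for files saved before this fix, as an added example that is not part of the commit or of Mahara's code: it derives the file mode the way the message describes (directory mode AND 0666) and reports, or optionally resets, regular files that still carry an execute bit. The function names and the data-directory path passed in are assumptions of this example.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH  # 0o111


def file_mode_from_dir_mode(dir_mode: int) -> int:
    """Mask the directory mode with 0666 so no execute bit survives."""
    return dir_mode & 0o666


def audit_saved_files(root: str, dir_mode: int = 0o700, fix: bool = False):
    """Return [(path, old_mode)] for regular files under root that have an
    execute bit set; with fix=True, chmod each one to the derived file mode.
    Directories are left alone: they need the execute bit for traversal."""
    target = file_mode_from_dir_mode(dir_mode)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            mode = stat.S_IMODE(st.st_mode)
            if mode & EXEC_BITS:
                findings.append((path, mode))
                if fix:
                    os.chmod(path, target)
    return findings


if __name__ == "__main__":
    # Constructed sample tree standing in for a real data directory.
    with tempfile.TemporaryDirectory() as root:
        sample = os.path.join(root, "upload.bin")
        with open(sample, "w") as fh:
            fh.write("sample")
        os.chmod(sample, 0o700)  # mode a pre-fix save would have produced
        for path, mode in audit_saved_files(root, 0o700, fix=True):
            print(f"{path}: {mode:04o} -> {file_mode_from_dir_mode(0o700):04o}")
```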
file.php 31.3 KB