Fix filemanager security breaches by jolelievre · Pull Request #11285 · PrestaShop/PrestaShop

jolelievre · 2018-11-06T17:32:43Z

Questions	Answers
Branch?	1.7.4.x
Description?	Fix security breaches in TinyMCE filemanager plugin. Remove filemanager action image_size. Check mime type when uploading files. Fixed arbitrary image write/overwrite in Windows installation. Prevent image directory deletion.
Type?	bug fix
Category?	BO
BC breaks?
Deprecations?
Fixed ticket?
How to test?

This change is

Check mime type when uploading files (1.7.4.x)

Update prestashop version

Quetzacoalt91 and others added 9 commits October 25, 2018 18:14

Check mime type when uploading files

0d1bc50

Merge pull request #3 from PrestaShop/check-mime-type

960f66a

Check mime type when uploading files (1.7.4.x)

Remove filemanager action image_size

330a38b

Avoid current folder from being deleted

d0e6ef8

Fixed image write/overwrite in Windows installation

9d0cda2

update dependencies for security

a8ec93f

Check realpath only when folder/file actually exists

2f9eff4

update prestashop version

1255a91

Merge pull request #9 from PrestaShop/update-version

2798201

Update prestashop version

prestonBot added 1.7.4.x Bug Type: Bug labels Nov 6, 2018

Quetzacoalt91 approved these changes Nov 6, 2018

View reviewed changes

jolelievre merged commit 76619b5 into PrestaShop:1.7.4.x Nov 6, 2018

jolelievre added this to the 1.7.4.4 milestone Nov 6, 2018

jolelievre deleted the filemanager-fix-174 branch November 27, 2018 11:09

Provide feedback