Bug #1239
closedsilly to let anyone download anything if they know where it is
Added by Anchi Cheng over 13 years ago. Updated over 13 years ago.
0%
Updated by Anchi Cheng over 13 years ago
- Assignee changed from Anchi Cheng to Eric Hou
r15504 fix this
Updated by Eric Hou over 13 years ago
Hi Anchi!
From what I see from code means we are allow login user to download file except "config.*" and "dbemauth.*" files. (correct me if I am wrong).
Couple passable problems:
First, what happen if user does not use myami login system?
Second, what happen if user is login, but did not pass the privilege check?
I think you might need a return "false" at the end of the "checkExptAccessPrivilege" function.
So if the function return false, the download.php need to exit out or display message to user. Because right now it will still generate the file even through the function did not return true.
Thanks.
Updated by Eric Hou over 13 years ago
- Status changed from In Code Review to Assigned
- Assignee changed from Eric Hou to Anchi Cheng
Updated by Anchi Cheng over 13 years ago
- Status changed from Assigned to In Code Review
- Assignee changed from Anchi Cheng to Eric Hou
"checkExptAccessPrivilege" contains redirct either to login.php or accessdeny.php in all cases when the function is meant to return false so in effect it does not go back to the called script at all. If logged in, it goes to accessdeny.php. If not logged in, it goes to login.php It will only return to the called script if the preivilege check is passed by both criteria.
Because I don't want anyone, even those with expt access privilege (including the case when login is not enabled) to download critical files or files from other sessions, in the case of logged-in user. They are checked again after the preivilege. This is at the file level not the database level.
Updated by Eric Hou over 13 years ago
- Status changed from In Code Review to Assigned
- Assignee changed from Eric Hou to Anchi Cheng
Hi Anchi,
Thank you for your explain.
So in download.php line 8
You can do:
if(!checkExptAccessPrivilege($sessionId,'data')) exit;
That should be take care all the problem. (Because when you redirect to other script, the original script will still keep running in the back).
Thanks.
Eric
Updated by Eric Hou over 13 years ago
beside the comment I wrote before. The other way is
in function checkExptAccessPrivilege, instead of return false, use exit. Than you don't need to change lots of file calling this function.
Thanks.
Eric
Updated by Anchi Cheng over 13 years ago
- Status changed from Assigned to In Code Review
- Assignee changed from Anchi Cheng to Eric Hou
r15507 did the exit in login.inc
Updated by Eric Hou over 13 years ago
- Status changed from In Code Review to In Test
- Assignee changed from Eric Hou to Amber Herold
Updated by Amber Herold over 13 years ago
- Status changed from In Test to Closed