[Vtigercrm-developers] Uploading att to comment
Rubén A. Estrada Orozco
rulotec1 at gmail.com
Tue Jun 16 15:49:26 GMT 2020
Hi, I don't know if it's related but I had problems with files uploaded in
vtiger 7.2. For example users' photos don't display correctly and I also
noticed those modified file names. Maybe some bugs were introduced with
this new feature.
Saludos
Rubén
On Tue, Jun 16, 2020 at 10:16 AM Uma S <uma.s at vtiger.com> wrote:
> Hi Team,
>
> As file name disclosure will lead to an xss vulnerability through
> end-point, We have made these changes not to disclose filename.
>
> On Tue, Jun 16, 2020 at 1:04 PM Alan Lord <alanslists at gmail.com> wrote:
>
>> There were several patches committed to master a while ago for this:
>>
>>
>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests?%20utf8=%C3%A2%C2%9C%C2%93&issue_search=obscu&state=all&scope=all&assignee_id=&author_id=&milestone_id=&label_id=
>>
>> All attachments now are stored as an md5 hash.
>>
>> HTH
>>
>> Al
>>
>> On 16/06/2020 00:48, Tony Sandman wrote:
>> > Gents, while uploading attachment to ticket comment, the original file
>> > name changing to 547094_033032447bc4a81fdfc7e50119360452.pdf and
>> similar.
>> > That random naming make document not accessible.
>> > Any tips on that?
>> >
>> > Cheers
>> >
>> > _______________________________________________
>> > http://www.vtiger.com/
>> >
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
>
>
> --
> With
> Best Regards
> Uma.S
> Vtiger Team
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20200616/5c0023ac/attachment.html>
More information about the vtigercrm-developers
mailing list