[Vtigercrm-developers] Uploading att to comment
Uma S
uma.s at vtiger.com
Wed Jun 17 04:54:10 GMT 2020
Hi Ruben,
I have checked for the user image in My preference and contacts profile
image and product image upload at these places it looks fine.
Now, I noticed that the user image in the comments section is not rendering
properly. Are you pointing to the same issue? If not please do specify the
case . So that i can re-check and address.
On Tue, Jun 16, 2020 at 9:24 PM Rubén A. Estrada Orozco <rulotec1 at gmail.com>
wrote:
> Hi, I don't know if it's related but I had problems with files uploaded in
> vtiger 7.2. For example users' photos don't display correctly and I also
> noticed those modified file names. Maybe some bugs were introduced with
> this new feature.
> Saludos
>
> Rubén
>
>
> On Tue, Jun 16, 2020 at 10:16 AM Uma S <uma.s at vtiger.com> wrote:
>
>> Hi Team,
>>
>> As file name disclosure will lead to an xss vulnerability through
>> end-point, We have made these changes not to disclose filename.
>>
>> On Tue, Jun 16, 2020 at 1:04 PM Alan Lord <alanslists at gmail.com> wrote:
>>
>>> There were several patches committed to master a while ago for this:
>>>
>>>
>>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests?%20utf8=%C3%A2%C2%9C%C2%93&issue_search=obscu&state=all&scope=all&assignee_id=&author_id=&milestone_id=&label_id=
>>>
>>> All attachments now are stored as an md5 hash.
>>>
>>> HTH
>>>
>>> Al
>>>
>>> On 16/06/2020 00:48, Tony Sandman wrote:
>>> > Gents, while uploading attachment to ticket comment, the original file
>>> > name changing to 547094_033032447bc4a81fdfc7e50119360452.pdf and
>>> similar.
>>> > That random naming make document not accessible.
>>> > Any tips on that?
>>> >
>>> > Cheers
>>> >
>>> > _______________________________________________
>>> > http://www.vtiger.com/
>>> >
>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>>
>>
>> --
>> With
>> Best Regards
>> Uma.S
>> Vtiger Team
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
--
With
Best Regards
Uma.S
Vtiger Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20200617/cd4e1768/attachment.html>
More information about the vtigercrm-developers
mailing list