[Vtigercrm-developers] Uploading att to comment
Uma S
uma.s at vtiger.com
Wed Jun 17 08:13:04 GMT 2020
Hi Ruben,
I checked through the profile image display in comments, which works fine
now. I think there may be some cache issue while generating the url.
On Wed, Jun 17, 2020 at 10:24 AM Uma S <uma.s at vtiger.com> wrote:
> Hi Ruben,
>
> I have checked for the user image in My preference and contacts profile
> image and product image upload at these places it looks fine.
>
> Now, I noticed that the user image in the comments section is not
> rendering properly. Are you pointing to the same issue? If not please do
> specify the case . So that i can re-check and address.
>
> On Tue, Jun 16, 2020 at 9:24 PM Rubén A. Estrada Orozco <
> rulotec1 at gmail.com> wrote:
>
>> Hi, I don't know if it's related but I had problems with files uploaded
>> in vtiger 7.2. For example users' photos don't display correctly and I also
>> noticed those modified file names. Maybe some bugs were introduced with
>> this new feature.
>> Saludos
>>
>> Rubén
>>
>>
>> On Tue, Jun 16, 2020 at 10:16 AM Uma S <uma.s at vtiger.com> wrote:
>>
>>> Hi Team,
>>>
>>> As file name disclosure will lead to an xss vulnerability through
>>> end-point, We have made these changes not to disclose filename.
>>>
>>> On Tue, Jun 16, 2020 at 1:04 PM Alan Lord <alanslists at gmail.com> wrote:
>>>
>>>> There were several patches committed to master a while ago for this:
>>>>
>>>>
>>>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests?%20utf8=%C3%A2%C2%9C%C2%93&issue_search=obscu&state=all&scope=all&assignee_id=&author_id=&milestone_id=&label_id=
>>>>
>>>> All attachments now are stored as an md5 hash.
>>>>
>>>> HTH
>>>>
>>>> Al
>>>>
>>>> On 16/06/2020 00:48, Tony Sandman wrote:
>>>> > Gents, while uploading attachment to ticket comment, the original
>>>> file
>>>> > name changing to 547094_033032447bc4a81fdfc7e50119360452.pdf and
>>>> similar.
>>>> > That random naming make document not accessible.
>>>> > Any tips on that?
>>>> >
>>>> > Cheers
>>>> >
>>>> > _______________________________________________
>>>> > http://www.vtiger.com/
>>>> >
>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>>
>>>
>>> --
>>> With
>>> Best Regards
>>> Uma.S
>>> Vtiger Team
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
>
>
> --
> With
> Best Regards
> Uma.S
> Vtiger Team
>
--
With
Best Regards
Uma.S
Vtiger Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20200617/268c26b3/attachment-0001.html>
More information about the vtigercrm-developers
mailing list