Uploaded image for project: 'translate5'
  1. translate5
  2. TRANSLATE-3020

PXSS on showing reference files (4.1.2)

    XMLWordPrintable

Details

    • Critical
    • This issue is security related!
    • Security related fix.
    • -

    Description

      Description:

      problem

      Since for reference files nearly all fileformats can be used (including HTML) this files are opened as new browser tab in the same context as the application itself. Therefore the reference file has access to security related data like cookies etc.

      solution

      Provide the access to reference files (Editor_ReferencefileController::getAction) as download (Content-Disposition: attachment; filename=FILENAME).

      Attachments

        Activity

          People

            aleksandar Aleksandar Mitrev
            tlauria Thomas Lauria
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: