Serious security risk in AC.Form.Upload. Save path and allowed attributes are
passed in the HTML (and can thus be altered).
*Reproduce:*

```php
<?php echo $this->ajaxUpload('test', 'private/var/tmp/', array('png')); ?>
```

The resulting HTML could easily be tampered with (before JS executes on the page)
to, e.g., set the upload dir to 'public/images/' and the extensions to
array('php').
Original issue reported on code.google.com by hong...@gmail.com on 7 Nov 2011 at 12:36
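The following is an added illustration, not code from AC.Form.Upload or from the reporter. It contrasts an upload handler that trusts the save directory and extension list sent back by the form (the flaw the issue describes) with one that keeps that policy server-side and lets the form select it only by name. All function names, the `UPLOAD_PROFILES` table, the field names `upload_dir`, `allowed`, `profile` and `upload`, and the directory paths are hypothetical.

```php
<?php
// Added example (not AC.Form.Upload's code). Function, field and profile names
// below are hypothetical.

// --- Vulnerable pattern: the target directory and the allowed extensions are
// read back from the form, i.e. from the client, so anyone can rewrite them in
// the HTML before submitting.
function handle_upload_vulnerable(array $post, array $file): string
{
    $dir     = rtrim($post['upload_dir'], '/') . '/';   // attacker-controlled
    $allowed = explode(',', $post['allowed']);          // attacker-controlled
    $ext     = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        throw new RuntimeException('extension not allowed');
    }
    // With upload_dir=public/images/ and allowed=php this stores a web shell
    // under the document root.
    $dest = $dir . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// --- Hardened pattern: the form carries only a profile *name*; where the file
// goes and what it may contain is decided here and cannot be altered client-side.
const UPLOAD_PROFILES = [
    'avatar' => [
        'dir'  => '/var/app/private/uploads/avatars/',
        'ext'  => ['png', 'jpg'],
        'mime' => ['image/png', 'image/jpeg'],
    ],
    'attachment' => [
        'dir'  => '/var/app/private/uploads/attachments/',
        'ext'  => ['pdf'],
        'mime' => ['application/pdf'],
    ],
];

function handle_upload_hardened(string $profileName, array $file): string
{
    if (!isset(UPLOAD_PROFILES[$profileName])) {
        throw new RuntimeException('unknown upload profile');
    }
    $p = UPLOAD_PROFILES[$profileName];

    if (!isset($file['tmp_name'], $file['name'], $file['error'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('invalid upload');
    }

    // Extension check against the server-side list only.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $p['ext'], true)) {
        throw new RuntimeException('extension not allowed');
    }

    // Sniff the content; $file['type'] is supplied by the client and is ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, $p['mime'], true)) {
        throw new RuntimeException('content does not match extension');
    }

    // Server-chosen random file name: the original name never reaches the disk,
    // so double extensions and path characters in it are irrelevant.
    $dest = $p['dir'] . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

// Handler usage: the form field 'profile' selects the policy; nothing else
// about where or what to save is taken from the request.
// $path = handle_upload_hardened($_POST['profile'] ?? '', $_FILES['upload'] ?? []);
```

With this shape the form helper would emit only the profile name (the equivalent of `ajaxUpload('test', 'avatar')`), and tampering with the HTML can at most pick a different server-defined profile. If the helper must carry per-form settings in the page, the alternative is to serialise them into a token authenticated with a server-side HMAC key and reject any token whose MAC does not verify; the directory and extension list are then still not editable by the client.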