composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-03-06 09:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°8612 - [SECU] Insecure Access to Inline Images

Browse Source
This commit is contained in:
Benjamin DALSASS
2026-02-26 11:52:14 +01:00
parent 454a1b26eb
commit 93c19e8c14
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pages/ajax.document.php
View File

@@ -63,6 +63,7 @@ try {
break;
case 'download_inlineimage':
LoginWebPage::DoLoginEx();
// No login is required because the "secret" protects us
// Benefit: the inline image can be inserted into any HTML (templating = $this->html(public_log)$)
$id = utils::ReadParam('id', '');