Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#14209] - [com_fields] [3.7b3] [SECURITY] Gallery Field with invalid path leaks absolute path

?
avatar PhilETaylor
PhilETaylor
23 Feb 2017

Steps to reproduce the issue

Enter an invalid path for the directory in the gallery field

Expected result

That Joomla will report the path is not a folder, without giving away my full absolute path - which is a security issue (of sorts)

Actual result

JFolder: :files: Path is not a folder. Path: **/Users/phil/Sites/remotebfb**/images/One

where /Users/phil/Sites/remotebfb is my absolute path to Joomla.

Also with error reporting on development I also get:

Warning: Invalid argument supplied for foreach() in /Users/phil/Sites/remotebfb/plugins/fields/gallery/tmpl/gallery.php on line 50

avatar PhilETaylor PhilETaylor - open - 23 Feb 2017
avatar joomla-cms-bot joomla-cms-bot - change - 23 Feb 2017
Labels Added: ?
avatar joomla-cms-bot joomla-cms-bot - labeled - 23 Feb 2017
avatar zero-24
zero-24 - comment - 23 Feb 2017

feel free to PR a change here: https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/filesystem/folder.php#L507 but this is a general "[SECURITY]" Problem of JFolder and not the Gallery. The gallery is just using that method.

avatar zero-24
zero-24 - comment - 23 Feb 2017

this should also be fixed with #14216 please double check that thanks.

avatar zero-24 zero-24 - change - 23 Feb 2017
Status New Closed
Closed_Date 0000-00-00 00:00:00 2017-02-23 18:53:48
Closed_By zero-24
avatar zero-24 zero-24 - close - 23 Feb 2017

Add a Comment

Login with GitHub to post a comment