You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

Topic closed

#1 2008-06-14 10:43:46

klaus@kbc-zagreb.hr
Member
Registered: 2008-05-05
Posts: 14

Security attack? wtf

When Im try to download some +xls files glpi send me a message "Security attack!", but I need that files, is that a bug or security issue?
Plz help.

Offline

#2 2008-06-14 18:39:39

JMD
GLPI - Lead
Registered: 2004-09-13
Posts: 9,180
Website

Re: Security attack? wtf

is- this extension authorized in your glpi configuration ?

JMD / Jean-Mathieu Doléans - Glpi-project.org - Association Indepnet
Apportez votre pierre au  projet GLPI   : Soutenir

Offline

#3 2008-06-20 17:50:28

bergeror
Member
From: Peabody, Massachusetts US
Registered: 2008-05-29
Posts: 30

Re: Security attack? wtf

I find that this happens with there are two consecutive periods in the file name. For example: "myfile..doc". My guess is that the PHP script thinks that someone is trying to access something in a higher directory on the web server. (such as: ../../../../../../passwd)

The simplest thing to do is delete the attachment and reupload it with no double periods.

Offline

#4 2008-06-20 19:42:48

JMD
GLPI - Lead
Registered: 2004-09-13
Posts: 9,180
Website

Re: Security attack? wtf

OK wink

I close

JMD / Jean-Mathieu Doléans - Glpi-project.org - Association Indepnet
Apportez votre pierre au  projet GLPI   : Soutenir

Offline

Pages: 1

Topic closed

Board footer

Powered by FluxBB