Security: ensure file upload directory is not world-writable.
(There still seem to be bugs in the file upload function.)
This commit is contained in:
parent
46a456b3ad
commit
626c135d1e
1 changed files with 1 additions and 0 deletions
|
@ -89,6 +89,7 @@ class Web < ActiveRecord::Base
|
|||
def create_files_directory
|
||||
return unless allow_uploads == 1
|
||||
dummy_file = self.wiki_files.build(:file_name => '0', :description => '0', :content => '0')
|
||||
File.umask(0002)
|
||||
dir = File.dirname(dummy_file.content_path)
|
||||
begin
|
||||
require 'fileutils'
|
||||
|
|
Loading…
Reference in a new issue