Opened 5 years ago

Closed 5 years ago

#2112 closed patch (Fixed)

Tmp Directory for Deluge-Web downloads

Reported by: baconseed Owned by: damoxc
Priority: critical Milestone: 1.3.6
Component: Web UI Version: master (git)
Keywords: Cc:

Description

While server.py in ui/web has the correct method of creating a tempdir, and using that tempdir to store files, json_api.py does not. This creates a big security risk for multi-user environments, as they end up in /tmp/ on Linux systems, readable by world. Attached is a patch to resolve this issue. It will create the tempdir, and use that to store torrent files, as is done in server.py

Attachments (1)

json_api_patch.diff (453 bytes) - added by baconseed 5 years ago.
Patch to resolve /tmp/ issues

Download all attachments as: .zip

Change History (3)

Changed 5 years ago by baconseed

Patch to resolve /tmp/ issues

comment:1 Changed 5 years ago by Cas

  • Milestone changed from Future to 1.3.6

comment:2 Changed 5 years ago by Cas

  • Resolution set to fixed
  • Status changed from new to closed

Fixed 1.3-stable: bb7b529c2

Note: See TracTickets for help on using tickets.