Opened 9 years ago
Closed 8 years ago
#2112 closed patch (Fixed)
Tmp Directory for Deluge-Web downloads
Reported by: | baconseed | Owned by: | damoxc |
---|---|---|---|
Priority: | critical | Milestone: | 1.3.6 |
Component: | Web UI | Version: | master |
Keywords: | Cc: |
Description
While server.py in ui/web has the correct method of creating a tempdir, and using that tempdir to store files, json_api.py does not. This creates a big security risk for multi-user environments, as they end up in /tmp/ on Linux systems, readable by world. Attached is a patch to resolve this issue. It will create the tempdir, and use that to store torrent files, as is done in server.py
Attachments (1)
Change History (3)
Changed 9 years ago by baconseed
comment:1 Changed 9 years ago by Cas
- Milestone changed from Future to 1.3.6
comment:2 Changed 8 years ago by Cas
- Resolution set to fixed
- Status changed from new to closed
Fixed 1.3-stable: bb7b529c2
Note: See
TracTickets for help on using
tickets.
Patch to resolve /tmp/ issues