Opened 13 years ago
Closed 12 years ago
#2112 closed patch (Fixed)
Tmp Directory for Deluge-Web downloads
Reported by: | baconseed | Owned by: | Damien Churchill |
---|---|---|---|
Priority: | critical | Milestone: | 1.3.6 |
Component: | Web UI | Version: | master |
Keywords: | Cc: |
Description
While server.py in ui/web has the correct method of creating a tempdir, and using that tempdir to store files, json_api.py does not. This creates a big security risk for multi-user environments, as they end up in /tmp/ on Linux systems, readable by world. Attached is a patch to resolve this issue. It will create the tempdir, and use that to store torrent files, as is done in server.py
Attachments (1)
Change History (3)
by , 13 years ago
Attachment: | json_api_patch.diff added |
---|
comment:1 by , 13 years ago
Milestone: | Future → 1.3.6 |
---|
Note:
See TracTickets
for help on using tickets.
Patch to resolve /tmp/ issues