Opened 12 years ago
Closed 12 years ago
#2112 closed patch (Fixed)
Tmp Directory for Deluge-Web downloads
Reported by: | baconseed | Owned by: | damoxc |
---|---|---|---|
Priority: | critical | Milestone: | 1.3.6 |
Component: | Web UI | Version: | master |
Keywords: | Cc: |
Description
While server.py in ui/web has the correct method of creating a tempdir, and using that tempdir to store files, json_api.py does not. This creates a big security risk for multi-user environments, as they end up in /tmp/ on Linux systems, readable by world. Attached is a patch to resolve this issue. It will create the tempdir, and use that to store torrent files, as is done in server.py
Attachments (1)
Change History (3)
Changed 12 years ago by baconseed
comment:1 Changed 12 years ago by Cas
- Milestone changed from Future to 1.3.6
comment:2 Changed 12 years ago by Cas
- Resolution set to fixed
- Status changed from new to closed
Fixed 1.3-stable: bb7b529c2
Note: See
TracTickets for help on using
tickets.
Patch to resolve /tmp/ issues