Skip to content
Extraits de code Groupes Projets
Sélectionner une révision Git
  • master par défaut protégée
  • v0.7.17.0-facil
  • v0.7.16.0-facil
3 résultats
Blame Lien permanent
  • Jonne Haß's avatar
    0a70e51f
    Add a token the filename for exported user data · 0a70e51f
    Jonne Haß a rédigé 
    Also redirect to it for download, for Amazon S3
compatibility.

Prior to this patch an attacker could obtain an
users export by guessing the filename with a high
chance of success. Fully authenticating the
download request is a lot harder due to our diverse
deployment scenarios.

This brings the used method in line with the photo
export feature.

Thanks to @tomekr for the report.
    0a70e51f
    Historique
    Add a token the filename for exported user data
    Jonne Haß a rédigé 
    Also redirect to it for download, for Amazon S3
compatibility.

Prior to this patch an attacker could obtain an
users export by guessing the filename with a high
chance of success. Fully authenticating the
download request is a lot harder due to our diverse
deployment scenarios.

This brings the used method in line with the photo
export feature.

Thanks to @tomekr for the report.