github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Disallow symlinks when restoring uploads.

Browse Source
This commit is contained in:
Guo Xiang Tan
2017-03-17 14:27:01 +08:00
parent 566f367fc3
commit b49bf889f6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/backup_restore/restorer.rb
View File

@ -380,7 +380,7 @@ module BackupRestore
current_db_name = RailsMultisite::ConnectionManagement.current_db current_db_name = RailsMultisite::ConnectionManagement.current_db
execute_command( execute_command(
'rsync', '-avp', "#{tmp_uploads_path}/", "uploads/#{current_db_name}/", 'rsync', '-avp', '--safe-links', "#{tmp_uploads_path}/", "uploads/#{current_db_name}/",
failure_message: "Failed to restore uploads." failure_message: "Failed to restore uploads."
) )