Commit Graph

4 Commits

Author SHA1 Message Date
Maxime Rainville
319fa4734c Merge branch '5.4' into 5.5 2020-05-26 15:11:46 +12:00
Dan Hensby
ede2d93363
Linting fixes 2020-05-05 16:30:57 +01:00
Serge Latyntcev
23de5a85c2 [CVE-2020-9280] Task for shifting UserForm uploads into correct folders
A task helper for recovering UserForm uploads targeting incorrectly migrated folders (from Silverstripe CMS 3)
    If your project has not been migrated from Silverstripe CMS 3, you do not need this helper.
    Before running this task make sure you have repaired the migrated folders themselves.
    To do that you have to run the extra migration subtask (`migrate-folders`).

    This task is particularly looking at all UserForm file submissions and checks they are in the same
    folder where the particular version of its EditableFileField has been set up to upload it to.

    If it finds the file has been misplaced, it tries to move it to the correct folder, but only if
    the file has not had any manipulations since the uploading happened (the file Version=1).

    If an affected file has a draft, then only Live version will be moved, but the draft will be preserved as is.

    For more details see CVE-2020-9280
2020-04-15 12:19:23 +12:00
Serge Latyntcev
3bbad20442 [CVE-2020-9280] Task for shifting UserForm uploads into correct folders
A task helper for recovering UserForm uploads targeting incorrectly migrated folders (from Silverstripe CMS 3)
    If your project has not been migrated from Silverstripe CMS 3, you do not need this helper.
    Before running this task make sure you have repaired the migrated folders themselves.
    To do that you have to run the extra migration subtask (`migrate-folders`).

    This task is particularly looking at all UserForm file submissions and checks they are in the same
    folder where the particular version of its EditableFileField has been set up to upload it to.

    If it finds the file has been misplaced, it tries to move it to the correct folder, but only if
    the file has not had any manipulations since the uploading happened (the file Version=1).

    If an affected file has a draft, then only Live version will be moved, but the draft will be preserved as is.

    For more details see CVE-2020-9280
2020-04-14 15:58:23 +12:00