From 02fb491f9b154a3304fa606727143e155a493a2f Mon Sep 17 00:00:00 2001 From: fredtempez Date: Tue, 9 May 2023 09:13:00 +0200 Subject: [PATCH] =?UTF-8?q?D=C3=A9sactive=20TUI=20Image=20=C3=A9diteur?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGES.md | 1 + core/vendor/filemanager/ajax_calls.php | 1 + core/vendor/filemanager/config/config.php | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index d2a5d3eb..99911b53 100755 --- a/CHANGES.md +++ b/CHANGES.md @@ -3,6 +3,7 @@ ## Version 12.3.10 - Edition d'un utilisateur, sélection de la langue de sont interface. - Mise à jour du fichier dialog.php de Responsive File Manager +- Vulnérabilité dans ajax_call.php CVE-2020-10567, désactivation de TUI Editor et de la fonction save_image. ## Version 12.3.09 ### Corrections diff --git a/core/vendor/filemanager/ajax_calls.php b/core/vendor/filemanager/ajax_calls.php index e514186d..4ab1b48d 100644 --- a/core/vendor/filemanager/ajax_calls.php +++ b/core/vendor/filemanager/ajax_calls.php @@ -79,6 +79,7 @@ if (isset($_GET['action'])) { } break; case 'save_img': + break; $info = pathinfo($_POST['name']); $image_data = $_POST['url']; diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php index dea2c679..0bf80362 100644 --- a/core/vendor/filemanager/config/config.php +++ b/core/vendor/filemanager/config/config.php @@ -487,7 +487,7 @@ $config = array( * TUI Image Editor config *******************/ // Add or modify the options below as needed - they will be json encoded when added to the configuration so arrays can be utilized as needed - 'tui_active' => true, + 'tui_active' => false, 'tui_position' => 'bottom', // 'common.bi.image' => "../assets/images/logo.png", // 'common.bisize.width' => '70px',