This repository has been archived by the owner on Nov 14, 2023. It is now read-only.
Description: when 'Filestore Storage' is enabled, the full filesystem path to the documents is saved in the column 'muk_dms_file.content_file' with the following composition:

data_dir + "/files/" + **db_name** + md5prefix + md5hash

for instance:

'/var/lib/odoo/files/mydb/e2/e28088cf2ca59192b6d7b73508c0dd8e7783be73'
This is the fully qualified filesystem path on the host server, including the hard-coded name of the database.
This approach has two potentially dangerous flaws:

1. When a database is duplicated, renamed or restored, a new 'files/' folder is correctly created. However, the paths in the database still point to the original files, so any operations, including unlink, are performed on these files, not the ones belonging to the new database.
2. By restoring a manipulated database, a user could potentially download any files to which the Odoo application user has access. This is especially problematic with tenant systems.
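An added example (not code from the issue or from muk_dms) of the consistency check a restore or rename hook could run over the stored `content_file` values: it classifies each absolute path against the running database's own filestore, flags paths that point into another database's folder or outside the filestore entirely, and rebuilds the path under the current database name. The `data_dir/files/<db_name>/<prefix>/<hash>` layout and the sample path are taken from the report; the function names and the hex check are assumptions.

```python
import posixpath
from pathlib import PurePosixPath

HEX = set("0123456789abcdef")


def classify_content_file(stored_path: str, data_dir: str, current_db: str) -> str:
    """Classify a stored absolute path against the running database.

    Returns one of:
      'ok'                the path lies in this database's own filestore
      'foreign_db'        the path points into another database's filestore
      'outside_filestore' the path is not under <data_dir>/files/ at all
      'malformed'         under the filestore, but not <db>/<prefix>/<hash>
    """
    root = PurePosixPath(data_dir) / "files"
    # normalise first so '..' segments cannot escape the filestore unnoticed
    path = PurePosixPath(posixpath.normpath(stored_path))
    try:
        rel = path.relative_to(root)
    except ValueError:
        return "outside_filestore"
    parts = rel.parts
    if len(parts) != 3:
        return "malformed"
    db_name, prefix, digest = parts
    # assumption: the subfolder is the leading characters of the hex hash itself
    if not digest.startswith(prefix) or not set(digest) <= HEX:
        return "malformed"
    return "ok" if db_name == current_db else "foreign_db"


def rebind_content_file(stored_path: str, data_dir: str, current_db: str):
    """Rebuild the path under the current database's filestore folder.

    Returns None when the stored value is not a well-formed filestore path,
    so a migration never rewrites a suspicious row into something plausible.
    """
    verdict = classify_content_file(stored_path, data_dir, current_db)
    if verdict not in ("ok", "foreign_db"):
        return None
    _, prefix, digest = PurePosixPath(posixpath.normpath(stored_path)).parts[-3:]
    return str(PurePosixPath(data_dir) / "files" / current_db / prefix / digest)


def audit_rows(rows, data_dir: str, current_db: str) -> dict:
    """Count verdicts over (id, content_file) rows, e.g. fetched before a restore goes live."""
    counts = {}
    for _, stored_path in rows:
        verdict = classify_content_file(stored_path, data_dir, current_db)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

A row reported as `foreign_db` after a duplicate or restore is exactly the case the report describes: an unlink on it would delete the original database's file.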
mkanderson changed the title from "[muk_dms_file] Potential file corruption, unintended deletion on DB duplication, rename and restore" to "[12.0] muk_dms_file Potential file corruption, unintended deletion on DB duplication, rename and restore" on Sep 23, 2020.
Tested with: