Hi,
I programmed an add-on for the FAQ-Section. In our System it is now
possible to add Attachments to FAQ-articles.
The attachments are stored in ~/var/httpd/htdocs/otrs_faq (configurable
in Config.pm $Self->{FAQDirectory}). For each FAQ-article there is a
subdirectory which name is the ID of the FAQ-article.
When you view an article, Perl checks if there are any files in the
corresponding directory and creates links to these files. You can then
directly download the files from Apache (no "passthrough" with perl).
I know this may be a security problem, because OTRS has no access
control over these files (everyone who can guess the filename and path
can download the file).
Files/Directories affected from my changes (changed or added):
./Kernel/Config.pm (2 new Config-Settings)
./Kernel/Modules/FAQArticle.pm (added Upload-Functionality)
./Kernel/Output/HTML/xyz/FAQArticleForm.dtl (Upload-Input-field, Upload
delete)
./Kernel/Output/HTML/xyz/FAQArticleView.dtl (Upload-Links)
./Kernel/System/FAQ.pm
./Kernel/System/FAQ/ArticleStorageFS.pm (new module,Write Upload to FS)
./var/httpd/htdocs/otrs_faq/ (directory where attachments are saved)
Do you think it would make sense to put this functionality into future
releases?
regards,
Volker
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
