invites_controller.rb
Severity: Moderate
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: Weak

Problem

Possible unprotected redirect

Location

app/controllers/invites_controller.rb:119

redirect_to(path("#{Invite.find_by(:invite_key => params[:token]).topics.first.relative_url}"))

Category description: redirect_to is sometimes called with a user-supplied value, which may allow an attacker to change the :host option and load a malicious script from a third-party website.

Solution: fix the issue in app/controllers/invites_controller.rb or mark it as false positive.

uploads_controller.rb
Severity: Moderate
Discovered almost 5 years ago
Source: static code analysis
Category: File Access
Confidence level: Weak

Problem

Model attribute used in file name

Location

app/controllers/uploads_controller.rb:87

File.delete("#{File.dirname((FileHelper.download(url, [SiteSetting.max_image_size_kb, SiteSetting.max_attachment_size_kb].max.kilobytes, "discourse-upload-#{type}") rescue nil or file.tempfile).path)}/image.jpg")

Category description: File access vulnerabilities occur when user-supplied input containing ".." or similar characters is passed through to file access APIs, allowing access to files outside of the intended subdirectory.

Solution: fix the issue in app/controllers/uploads_controller.rb or mark it as false positive.

show.html.erb
Severity: Moderate
Discovered almost 5 years ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Weak

Problem

Unescaped model attribute

Location

app/views/static/show.html.erb:31

crawlable_meta_data(:title => SiteSetting.title, :description => SiteSetting.site_description)

Category description: XSS occurs when a user-controllable value is displayed on a web page without being escaped, allowing someone to inject JavaScript or HTML into the page.

Solution: fix the issue in app/views/static/show.html.erb or mark it as false positive.

static_controller.rb
Severity: Moderate
Discovered almost 5 years ago
Source: static code analysis
Category: File Access
Confidence level: Weak

Problem

Parameter value used in file name

Location

app/controllers/static_controller.rb:186

send_file(File.expand_path(((Rails.root + "public/assets/") + params[:path])), :disposition => nil, :type => "application/javascript")

Category description: File access vulnerabilities occur when user-supplied input containing ".." or similar characters is passed through to file access APIs, allowing access to files outside of the intended subdirectory.

Solution: fix the issue in app/controllers/static_controller.rb or mark it as false positive.