mirror of
https://github.com/discourse/discourse.git
synced 2024-12-15 23:56:43 +08:00
SECURITY: Disallow symlinks when restoring uploads.
This commit is contained in:
parent
c14d98354b
commit
2daed01070
|
@ -380,7 +380,7 @@ module BackupRestore
|
||||||
current_db_name = RailsMultisite::ConnectionManagement.current_db
|
current_db_name = RailsMultisite::ConnectionManagement.current_db
|
||||||
|
|
||||||
execute_command(
|
execute_command(
|
||||||
'rsync', '-avp', "#{tmp_uploads_path}/", "uploads/#{current_db_name}/",
|
'rsync', '-avp', '--safe-links', "#{tmp_uploads_path}/", "uploads/#{current_db_name}/",
|
||||||
failure_message: "Failed to restore uploads."
|
failure_message: "Failed to restore uploads."
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user