New issue
Advanced search Search tips

Issue 791329 link

Starred by 3 users
Status: WontFix
Owner: ----
Closed: Dec 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Uploading document, "Fakepath"

Reported by klosins...@hotmail.com, Dec 3 2017 
UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

Steps to reproduce the problem:
1. Go to website
2. Upload a resume
3. 

What is the expected behavior?
Document uploaded

What went wrong?
Says C:fakepath

Did this work before? Yes 

Chrome version: 62.0.3202.94  Channel: stable
OS Version: 10.0
Flash Version:

Comment 1 by elawrence@chromium.org, Dec 3 2017

Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
This isn't a security issue, or even a bug at all. For the last six or more years, if you upload a file to the server, the filename that is sent to the server is changed so that the directory component is "fakepath". This helps prevent revealing potentially private information to the server.

So, if I upload C:\users\ericlaw\desktop\MyFile.jpg to the server, when the page and server get the file, the path now looks like "C:\fakepath\MyFile.jpg" to avoid revealing to the server that my username on my local PC is "ericlaw."

If this is causing a specific problem, I'm happy to help investigate for you.

Sign in to add a comment