New issue
Advanced search Search tips

Issue 791329 link

Starred by 3 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Dec 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Uploading document, "Fakepath"

Reported by klosins...@hotmail.com, Dec 3 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

Steps to reproduce the problem:
1. Go to website
2. Upload a resume
3. 

What is the expected behavior?
Document uploaded

What went wrong?
Says C:fakepath

Did this work before? Yes 

Chrome version: 62.0.3202.94  Channel: stable
OS Version: 10.0
Flash Version:
 
Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
This isn't a security issue, or even a bug at all. For the last six or more years, if you upload a file to the server, the filename that is sent to the server is changed so that the directory component is "fakepath". This helps prevent revealing potentially private information to the server.

So, if I upload C:\users\ericlaw\desktop\MyFile.jpg to the server, when the page and server get the file, the path now looks like "C:\fakepath\MyFile.jpg" to avoid revealing to the server that my username on my local PC is "ericlaw."

If this is causing a specific problem, I'm happy to help investigate for you.

Sign in to add a comment