Security Advisories (3)
CVE-2016-4566 (2016-05-22)

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

CVE-2010-5312 (2014-11-24)

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2021-23562 (2021-12-03)

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

NAME

Yukki::Web::Controller::Attachment - Controller for uploading, downloading, and viewing attachments

VERSION

version 0.140290

DESCRIPTION

Handles uploading, downloading, and viewing attachments.

METHODS

fire

Maps download requests to "download_file", upload requests to "upload_file", and view requests to "view_file".

lookup_file

    my $file = $self->lookup_file($repository, $path);

This is a helper for locating and returning a Yukki::Model::File for the requested repository and path.

download_file

Returns the file in the response with a MIME type of "application/octet". This should force the browser to treat it like a download.

view_file

Returns the file in the response with a MIME type reported by "media_type" in Yukki::Model::File.
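The header choices behind "download_file" and "view_file", as an added example that is not Yukki's own code: it builds PSGI-style response arrays, renders inline only for an allow-list of media types, and cleans the stored file name before it reaches Content-Disposition. The function names, the allow-list, the sample file names, and the use of the registered type application/octet-stream are assumptions of this example.

```perl
use strict;
use warnings;

# Media types assumed safe to render inline (constructed allow-list; HTML and
# SVG are left out on purpose because they can carry script).
my %INLINE_OK = map { $_ => 1 } qw(image/png image/jpeg image/gif text/plain);

# Reduce a stored file name to characters that are safe inside a quoted
# Content-Disposition parameter.
sub safe_filename {
    my ($name) = @_;
    $name =~ s{.*[/\\]}{};             # drop any directory part
    $name =~ s/[^A-Za-z0-9._-]/_/g;    # no quotes, CR/LF, angle brackets, spaces
    $name =~ s/^\.+//;                 # no leading dots
    return length($name) ? $name : 'attachment';
}

# Build a PSGI-style response triplet for an attachment.
# $mode is 'download' or 'view'; $media_type is what the file model reports.
sub attachment_response {
    my ($mode, $filename, $media_type, $body) = @_;
    my $inline = $mode eq 'view' && $INLINE_OK{ lc $media_type };
    my $type   = $inline ? lc $media_type : 'application/octet-stream';
    my $disp   = $inline ? 'inline' : 'attachment';
    return [ 200, [
        'Content-Type'           => $type,
        'Content-Disposition'    => sprintf('%s; filename="%s"', $disp, safe_filename($filename)),
        'X-Content-Type-Options' => 'nosniff',    # stop browsers from sniffing the body
        'Content-Length'         => length($body),
    ], [ $body ] ];
}

# Constructed sample requests: (mode, stored name, reported media type)
for my $case (
    [ download => 'notes.txt',                  'text/plain'    ],
    [ view     => 'diagram.png',                'image/png'     ],
    [ view     => 'page.html',                  'text/html'     ],
    [ view     => qq{"><script>x</script>.svg}, 'image/svg+xml' ],
) {
    my ($mode, $name, $mt) = @$case;
    my %h = @{ attachment_response($mode, $name, $mt, 'x')->[1] };
    printf "%-8s %-14s -> %s | %s\n", $mode, $mt, $h{'Content-Type'}, $h{'Content-Disposition'};
}
```

The last two sample requests fall back to a forced download because their reported media types are not on the inline allow-list.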

rename_file

Handles attachment renaming via the page rename controller.

remove_file

Displays the remove confirmation.

upload_file

This uploads the file given into the wiki.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2014 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.