Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.
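The fix for this class of bug is to resolve the path once and use that canonical form for both the access check and dispatch. The following is an added example, not Jifty's own code: `canonical_path`, `is_allowed` and the prefix list are hypothetical names, and the input is assumed to be percent-decoded already.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of Jifty): resolve "." and ".." segments
# so that the ACL check and the dispatcher see the same canonical path.
# Returns undef when the path is relative or climbs above the root.
sub canonical_path {
    my ($path) = @_;
    return unless defined $path && $path =~ m{^/};
    my @out;
    for my $seg (split m{/+}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return unless @out;    # would escape the root: reject
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# Hypothetical ACL: path prefixes a request may fetch as fragments.
my @allowed_prefixes = ('/some/safe/place');

sub is_allowed {
    my ($path) = @_;
    for my $prefix (@allowed_prefixes) {
        # Match the prefix itself or a child of it, never a sibling
        # such as "/some/safe/placebo".
        return 1 if $path eq $prefix || index($path, "$prefix/") == 0;
    }
    return 0;
}

# Constructed sample fragment paths, including the one from the advisory.
for my $requested (
    '/some/safe/place/widget',
    '/some/safe/place/../../../dangerous',
    '/some/safe/place/../place/./widget',
    '/some/safe/placebo',
) {
    my $canon   = canonical_path($requested);
    my $verdict = !defined $canon    ? 'reject (escapes root)'
                : is_allowed($canon) ? "allow as $canon"
                :                      "deny as $canon";
    printf "%-42s %s\n", $requested, $verdict;
}
```

A check that matches the raw string against the `/some/safe/place` prefix would accept the advisory's path; after canonicalization it is evaluated as `/dangerous` and denied.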

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.

NAME

Jifty::Web::Form::Field::Upload - File upload field

DESCRIPTION

An input field that renders using <input type="file" />. The argument value that the action receives from this field via "argument_value" in Jifty::Action will be a filehandle, which can be read in the usual ways.

render_widget

Renders the file upload widget.

render_value

The 'value', rendered, is empty so that BLOBs and the like don't get streamed to the browser.