Question Full path disclosure downloading attachments

Hi there,

After installing 4.0.3 version, when I download an attached file I get the full path in the filename. I don't upload an screenshot for security reasons, but instead filename.pdf I get home_xxxx_media_kunena_attachments_filename.pdf

I have tried enabling and disabling Protect attachments option under Configuration --> Uploads, but nothing happens...

Regards,
Jose

This same issue is also discussed in the topic [K4.0.1] Attachment displaying full URL location .

This problem has not been solved.

Thanks sozzled.

To avoid it I have manually changed attachment filenames in database. This workaround avoid the full path disclosure while the issue is not corrected.

Regards,
Jose

Hello,

Can-you post here please your Kunena report configuration ?

Here you have (omited confidential info):

Kunena menu details: [/quote]

Joomla default template details : gk_startup | author: GavickPro | version: 3.9 | creationdate: Unknown

Kunena default template details : Blue Eagle | author: Kunena Team | version: 4.0.3 | creationdate: 2015-06-29

Kunena version detailed: Kunena 4.0.3 | 2015-06-29 [ Possagno ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	0
enablerss	1
threads_per_page	20
messages_per_page	6
messages_per_page_search	15
showhistory	1
historylimit	6
shownew	1
disemoticons	0
template	blue_eagle
showannouncement	1
avataroncat	0
catimagepath	category_images/
showchildcaticon	1
rtewidth	450
rteheight	300
enableforumjump	1
reportmsg	1
username	1
askemail	0
showemail	0
showuserstats	1
showkarma	1
useredit	1
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	1
allowfavorites	1
maxsubject	50
maxsig	300
regonly	0
pubwrite	0
floodprotection	0
mailmod	1
mailadmin	0
captcha	0
mailfull	1
allowavatarupload	1
allowavatargallery	1
avatarquality	65
avatarsize	60000
imageheight	800
imagewidth	800
imagesize	300
filetypes	txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2
filesize	6000
showranking	1
rankimages	1
userlist_rows	30
userlist_online	1
userlist_avatar	1
userlist_posts	1
userlist_karma	1
userlist_email	0
userlist_joindate	1
userlist_lastvisitdate	1
userlist_userhits	1
latestcategory
showstats	1
showwhoisonline	1
showgenstats	1
showpopuserstats	1
popusercount	5
showpopsubjectstats	1
popsubjectcount	5
showspoilertag	1
showvideotag	1
showebaytag	1
trimlongurls	1
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	1
ebaylanguagecode	en-us
sessiontimeout	1800
highlightcode	0
rss_type	topic
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	recent
default_sort	asc
sef	1
showimgforguest	1
showfileforguest	1
pollnboptions	4
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	1
polltimebtvotes	00:15:00
pollnbvotesbyuser	100
pollresultsuserslist	1
maxpersotext	50
ordering_system	mesid
post_dateformat	ago
post_dateformat_hover	datetime
hide_ip	1
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	50
thumbheight	32
thumbwidth	32
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	0
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
showthankyou	1
showpopthankyoustats	1
popthankscount	5
mod_see_deleted	0
bbcode_img_secure	text
listcat_show_moderators	1
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	1
userlist_count_users	1
enable_threaded_layouts	0
category_subscriptions	post
topic_subscriptions	every
pubprofile	0
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	0
keywords	0
userkeywords	0
image_upload	registered
file_upload	registered
topic_layout	flat
time_to_create_page	1
show_imgfiles_manage_profile	1
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	8
pickup_category	0
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
autolink	1
access_component	1
statslink_allowed	1
superadmin_userlist	0
legacy_urls	1
attachment_protection	1
categoryicons	1
avatarresizemethod	1
avatarcrop	0
user_report	1
searchtime	365
teaser	0
ebay_language	0
twitter_consumer_key
twitter_consumer_secret
max_links	6
userlist_name	0
usernamechange	0
version_check	1
userlist_usertype	0
sefutf8	0
enablepdf	1
jmambot	0
annmodid	62
changename	0
userlist_username	1
rules_infb	1
help_infb	1
onlineusers	1

| Kunena integration settings:

Warning: Spoiler!

Kunena - AlphaUserPoints Enabled: activity=1 avatar=1 profile=1 activity_points_limit=0
Kunena - Community Builder Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Enabled: access=1 login=1 activity=1 avatar=1 profile=1 private=1 activity_points_limit=0 activity_stream_limit=0
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
en-GB	English (en-GB)

Third-party components: None

Third-party SEF components: None

Plugins: None

Modules: None

I have a similar problem :dry:

Since i have updated from 3.0.6 to 4.0.3, some Attachments have a wrong Path like this:

http://media/kunena/attachments/Dienstleistungskatalog_eines_Versicherungsbrokers.pdf/Dienstleistungskatalog_eines_Versicherungsbrokers.pdf

No correkt URL and double documentname :S

Is there a solution to fix this?

Thanks from Switzerland
Corinne

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Disabled | FTP layer: Disabled |

This message contains confidential information

htaccess: Missing | PHP environment: Max execution time: 30 seconds | Max execution memory: 64M | Max file upload: 32M

Kunena menu details:

Warning: Spoiler!

ID	Name	Menutype	Link	Path	In trash
123	Forum	mainmenu	Itemid=114	kunena-2014-09-29	No
114	Forum	kunenamenu	view=home&defaultmenu=116	forum	No
115	Index	kunenamenu	view=category&layout=list	forum/index	No
116	Aktuell	kunenamenu	view=topics&mode=replies	forum/aktuell	No
117	Neues Thema	kunenamenu	view=topic&layout=create&catid=	forum/neuesthema	No
118	Ohne Antwort	kunenamenu	view=topics&mode=noreplies	forum/ohneantwort	No
119	Meine Themen	kunenamenu	view=topics&layout=user&mode=default&modetype=	forum/meinethemen	No
120	Profil	kunenamenu	view=user	forum/profil	No
121	Hilfe	kunenamenu	view=misc	forum/hilfe	No
122	Suche	kunenamenu	view=search	forum/suche	No

Joomla default template details : Standard_1_optimalis | author: Beatrice Brupbacher | version: 1.0 | creationdate: Unknown

Kunena default template details : Blue Eagle | author: Kunena Team | version: 4.0.3 | creationdate: 2015-06-29

Kunena version detailed: Kunena 4.0.3 | 2015-06-29 [ Possagno ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	0
enablerss	0
threads_per_page	20
messages_per_page	6
messages_per_page_search	15
showhistory	0
historylimit	6
shownew	1
disemoticons	1
template	blue_eagle
showannouncement	1
avataroncat	0
catimagepath	category_images
showchildcaticon	1
rtewidth	450
rteheight	300
enableforumjump	1
reportmsg	1
username	1
askemail	0
showemail	0
showuserstats	0
showkarma	0
useredit	0
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	1
allowfavorites	1
maxsubject	50
maxsig	300
regonly	1
pubwrite	0
floodprotection	0
mailmod	0
mailadmin	0
captcha	0
mailfull	1
allowavatarupload	0
allowavatargallery	0
avatarquality	75
avatarsize	2048
imageheight	800
imagewidth	800
imagesize	150
filetypes	txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2,doc,docx,xls,xlsx
filesize	64000000
showranking	0
rankimages	0
userlist_rows	30
userlist_online	0
userlist_avatar	0
userlist_posts	0
userlist_karma	0
userlist_email	0
userlist_joindate	0
userlist_lastvisitdate	0
userlist_userhits	0
latestcategory
showstats	0
showwhoisonline	0
showgenstats	0
showpopuserstats	0
popusercount	0
showpopsubjectstats	1
popsubjectcount	5
showspoilertag	0
showvideotag	1
showebaytag	0
trimlongurls	1
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	1
ebaylanguagecode	en-us
sessiontimeout	1800
highlightcode	0
rss_type	topic
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	recent
default_sort	desc
sef	1
showimgforguest	0
showfileforguest	0
pollnboptions	4
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	1
polltimebtvotes	00:15:00
pollnbvotesbyuser	100
pollresultsuserslist	1
maxpersotext	50
ordering_system	mesid
post_dateformat	datetime
post_dateformat_hover	datetime
hide_ip	1
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	50
thumbheight	32
thumbwidth	32
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	0
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
showthankyou	0
showpopthankyoustats	0
popthankscount	5
mod_see_deleted	0
bbcode_img_secure	text
listcat_show_moderators	0
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	1
userlist_count_users	1
enable_threaded_layouts	0
category_subscriptions	post
topic_subscriptions	every
pubprofile	0
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	0
keywords	0
userkeywords	0
image_upload	registered
file_upload	registered
topic_layout	flat
time_to_create_page	1
show_imgfiles_manage_profile	1
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	8
pickup_category	0
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
autolink	1
access_component	0
statslink_allowed	0
superadmin_userlist	0
legacy_urls	1
attachment_protection	0
categoryicons	1
avatarresizemethod	1
avatarcrop	0
user_report	1
searchtime	365
teaser	0
ebay_language	0
twitter_consumer_key
twitter_consumer_secret
max_links	6
userlist_name	0
usernamechange	0
version_check	1

| Kunena integration settings:

Warning: Spoiler!

Kunena - AlphaUserPoints Disabled
Kunena - Community Builder Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Disabled
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Disabled

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
de-DE	German (DE-CH-AT)
en-GB	English (United Kingdom)

Third-party components: None

Third-party SEF components: None

Plugins: Search - Kunena Search 3.1.0

Modules: Kunena Search 3.1.0