Security issue in ImageEditor that allows saving the image in an up-level folder

The RadImageEditor control allowed saving image files (.png/.jpg/.gif) to an up-level folder on the server when the built-in storing of files is used. This issue did not affect implementations based on the content provider paragidm. It has been fixed since the Q1 2014 release of Telerik UI for ASP.NET AJAX (version 2014.1.225).

If you are using an older version of the controls and you do not wish to upgrade, there are two approaches that you can take in order to resolve the security issue:

• You could replace the path separator from the file name in the event handler of the image editor’s ImageSaving event:
  
  void ImageEditor_ImageSaving(object sender, Telerik.Web.UI.ImageEditorSavingEventArgs e)

  {

      e.FileName = e.FileName.Replace("/", "");

  }
• You could use a custom content provider to completely bypass the file handling approaches in the ImageEditor itself. Please check the following demo and help article on the matter for more information:
  
  • http://demos.telerik.com/aspnet-ajax/imageeditor/examples/customcontentprovider/defaultcs.aspx
  • http://www.telerik.com/help/aspnet-ajax/imageeditor-using-custom-content-provider.html