Needs review
Project:
Flexinode
Version:
4.7.x-1.x-dev
Component:
Field type: file
Priority:
Critical
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
28 Jan 2007 at 15:43 UTC
Updated:
26 Apr 2007 at 11:39 UTC
Jump to comment: Most recent file
Comments
Comment #1
ahoeben commentedThe patch presented here forces siteadmins to whitelist allowable extensions in order to prevent security issues.
Mime-types are nice and all, but AFAIK local files don't really tell what mime-type they have when they are uploaded.
Comment #2
ahoeben commentedAttached patch is derived from the patch I mentioned. Allowing just any file to be uploaded is insecure, so this patch should go in ASAP.
Comment #3
ahoeben commentedComment #4
ahoeben commentedComment #5
ahoeben commentedI hate bumping this issue like this, but can anybody at least review this patch?
It's an important security improvement.