Home » Download » Modules » Flexinode » Issues

Configurable allowed file extensions

Bèr Kessels - January 28, 2007 - 15:43
Project:Flexinode
Version:4.7.x-1.x-dev
Component:Field type: file
Category:task
Priority:critical
Assigned:Unassigned
Status:needs review
Description

Introduce file extensions config options.

My personal preference, however, is checks for mime-types, instead of extensions. Mime types are technically superior, modern desktop environments no longer use extensions (or at least don't care about them).

» Login or register to post comments

#1

ahoeben - January 28, 2007 - 16:45

The patch presented here forces siteadmins to whitelist allowable extensions in order to prevent security issues.

Mime-types are nice and all, but AFAIK local files don't really tell what mime-type they have when they are uploaded.

Login or register to post comments

#2

ahoeben - April 16, 2007 - 08:43
Version:HEAD» 4.7.x-1.x-dev

Attached patch is derived from the patch I mentioned. Allowing just any file to be uploaded is insecure, so this patch should go in ASAP.

AttachmentSize
field_file_options.patch 3.05 KB
Login or register to post comments

#3

ahoeben - April 16, 2007 - 08:44
Status:active» needs review
Login or register to post comments

#4

ahoeben - April 16, 2007 - 08:48
Priority:normal» critical
Login or register to post comments

#5

ahoeben - April 26, 2007 - 11:39

I hate bumping this issue like this, but can anybody at least review this patch?
It's an important security improvement.

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.