Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.- Log in or register to create an issue
- Advanced search
| Title | Status | Priority | Category | Version | Component | Replies |
Last updated |
Assigned to | Created |
|---|---|---|---|---|---|---|---|---|---|
| Insecure Direct Object Reference in Private File Uploads | Needs review | Normal | Task | main | file system | 3 | 2 days 22 hours | mohit_aghera | 4 days 4 hours |
| Add kernel test coverage for FileReferenceResolver | Active | Normal | Task | main | file system | 3 | 3 days 23 hours | 2 weeks 5 days | |
| Simplify private file routing | Postponed | Normal | Task | main | file system | 17 | 4 days 11 min | 3 years 7 months | |
| Expand FileSystemInterface::INSECURE_EXTENSIONS to add non standard PHP extensions | Needs review | Normal | Task | main | file system | 4 | 4 days 6 hours | 4 days 14 hours | |
| copy(), move(), and move_uploaded_file() ignores return value of stream_flush() | Needs work | Major | Bug report | main | file system | 61 | 4 days 22 hours | 7 years 1 week | |
| file_tokens() crashes with "Call to a member function label() on null" when [file:owner] resolves on a file whose owner has been deleted | Reviewed & tested by the community | Major | Bug report | main | file system | 16 | 1 week 2 days | 1 month 3 days | |
| FileSystem::mkdir() should handle open_basedir correctly | Needs work | Normal | Bug report | main | file system | 83 | 1 week 2 days | 9 years 8 months | |
| Remove file_sa_core_2023_005_schemes setting | Needs work | Normal | Task | main | file system | 5 | 1 week 5 days | 2 weeks 2 days | |
| Add new stream wrapper(s) to store generated files separately | Needs work | Major | Feature request | main | file system | 37 | 2 weeks 4 days | 10 years 3 months | |
| Remote File Upload via MIME Spoofing Allows Arbitrary Script Storage on Public S3 Buckets | Active | Normal | Task | main | file system | 4 | 2 weeks 4 days | 2 weeks 4 days | |
| Consider expanding hook_file_download to accept context | Active | Normal | Feature request | main | file system | 3 | 2 weeks 4 days | 2 weeks 4 days | |
| File formatter render absolute url to file | Needs work | Normal | Feature request | main | file system | 210 | 3 weeks 1 day | 9 years 8 months | |
| `LocalStream::stream_lock()` reports success for unrecognized operations | Needs work | Normal | Bug report | main | file system | 14 | 3 weeks 3 days | 1 year 5 months | |
| [pp-1] Should increasing REVISION_LOOKUP_LIMIT use just a Settings value | Postponed | Normal | Task | main | file system | 1 | 1 month 1 week | 1 month 1 week | |
| FileSystem::tempnam() doesn't respect subdirectories for stream wrappers | Needs work | Normal | Bug report | main | file system | 91 | 1 month 1 week | 15 years 6 months | |
| Clean up StreamWrapperManager::register() calls | Needs work | Normal | Task | main | file system | 10 | 1 month 1 week | 1 month 4 weeks | |
| Exception: Serialization uploading csv file | Postponed (maintainer needs more info) | Normal | Bug report | main | file system | 7 | 1 month 2 weeks | 7 months 2 weeks | |
| guessMimeType return application/octet-stream if the temporary file don't have a extension | Needs work | Normal | Bug report | main | file system | 6 | 1 month 2 weeks | 4 months 4 weeks | |
| Handle NULL mime types in template_preprocess_file_link() | Needs work | Normal | Bug report | main | file system | 32 | 1 month 2 weeks | 1 year 9 months | |
| Imported PO files have no public URL but have a link at admin/content/files | Needs work | Major | Bug report | main | file system | 122 | 1 month 3 weeks | 11 years 3 months | |
| Allow the use of symlinks within the files directory. | Needs work | Major | Feature request | main | file system | 176 | 1 month 3 weeks | 15 years 5 months | |
| File paths vs Clean data for AI | Postponed (maintainer needs more info) | Normal | Feature request | main | file system | 3 | 2 months 2 weeks | 2 months 2 weeks | |
| File->toLink() throws exception due to missing 'canonical' link template, which is the default template for the method | Active | Normal | Bug report | main | file system | 8 | 2 months 2 weeks | 7 months 3 weeks | |
| Comma-separate the list of allowed file extensions | Postponed | Normal | Feature request | main | file system | 78 | 2 months 2 weeks | 6 years 3 weeks | |
| Field type - file upload settings - does not display "Private" radio-option | Postponed (maintainer needs more info) | Normal | Task | main | file system | 19 | 2 months 2 weeks | 9 years 9 months | |
| getInternalURL() counterpart to getExternalURL() | Postponed (maintainer needs more info) | Normal | Feature request | main | file system | 18 | 2 months 3 weeks | 13 years 4 months | |
| Make a check of file size a baked-in client side validation | Needs work | Normal | Feature request | main | file system | 41 | 2 months 3 weeks | 10 years 10 months | |
| Cleanup and re-order file_default_mimetype_mapping() mappings | Active | Normal | Task | main | file system | 21 | 2 months 3 weeks | 12 years 9 months | |
| File usage is not tracked by revision, leading to private files embedded in text fields in old revisions being accessible when they shouldn't be | Active | Normal | Bug report | main | file system | 16 | 2 months 3 weeks | 7 years 4 days | |
| Translation is not supported in file module | Needs work | Normal | Bug report | main | file system | 31 | 2 months 3 weeks | 6 years 7 months | |
| Add support for the 'yml' file extension in file_default_mimetype_mapping() | Postponed (maintainer needs more info) | Normal | Task | main | file system | 17 | 2 months 3 weeks | 13 years 3 months | |
| #states not affecting visibility/requirement of managed_file | Needs work | Major | Bug report | main | file system | 103 | 2 months 4 weeks | 9 years 4 months | |
| Link to useful information about .htaccess and directory protection | Needs work | Minor | Bug report | main | file system | 46 | 3 months 3 days | 8 years 9 months | |
| Provide a FieldType and FieldWidget to represent a WebVTT file for the HTML track element | Needs work | Normal | Task | main | file system | 44 | 3 months 1 week | 7 years 2 weeks | |
| File upload permission error showing in Media file field and CKEditor Image upload option | Postponed (maintainer needs more info) | Normal | Support request | main | file system | 27 | 3 months 1 week | 1 year 7 months | |
| Filter SVGs before uploading by default | Postponed | Normal | Feature request | main | file system | 13 | 3 months 1 week | 1 year 5 months | |
| Administrator cannot access to temporary files without usage that are owned by other users | Needs work | Normal | Bug report | main | file system | 9 | 3 months 2 weeks | 2 years 8 months | |
| Remove class ReadOnlyStream (or turn into a trait?) | Postponed (maintainer needs more info) | Normal | Feature request | main | file system | 21 | 4 months 2 days | 12 years 2 months | |
| Managed-file uploads do not support multiple actions per submit, and can't be replaced without multiple submits. | Postponed (maintainer needs more info) | Normal | Support request | main | file system | 15 | 4 months 1 week | 5 years 5 months | |
| file_url_transform_relative() only works with current request's host | Postponed (maintainer needs more info) | Normal | Bug report | main | file system | 20 | 5 months 3 weeks | 9 years 7 months | |
| [PP-1] Disallow dangerous filenames e.g. command injection characters | Postponed | Normal | Task | main | file system | 51 | 5 months 3 weeks | 1 year 2 months | |
| Call to a member function getPath() on null | Needs work | Normal | Bug report | main | file system | 8 | 5 months 4 weeks | 2 years 8 months | |
| Modules cannot grant access using hook_file_download() | Needs work | Normal | Bug report | main | file system | 21 | 6 months 2 weeks | 9 years 3 months | |
| `FileSystem->prepareDirectory` doesn't handle stream wrappers that require arguments | Postponed (maintainer needs more info) | Normal | Bug report | main | file system | 7 | 6 months 3 weeks | 1 year 4 months | |
| Expand unsafe extensions list to include extensions that could trigger XSS | Active | Normal | Task | main | file system | 12 | 7 months 5 days | 5 years 4 months | |
| Forward-port non-security-parts of SA-CORE-2014-003 file access bypass fixes to Drupal 8 | Postponed (maintainer needs more info) | Normal | Task | main | file system | 17 | 7 months 2 weeks | 11 years 2 months | |
| File usage only works with numeric IDs | Postponed (maintainer needs more info) | Normal | Feature request | main | file system | 18 | 7 months 2 weeks | 9 years 3 months | |
| Add support for "accepts" attribute for file upload FAPI elements | Postponed (maintainer needs more info) | Normal | Feature request | main | file system | 17 | 7 months 3 weeks | 13 years 3 months | |
| Change file validation order | Needs work | Minor | Bug report | main | file system | 61 | 7 months 3 weeks | 10 years 2 weeks | |
| add core file support for .dwg autocad files | Postponed (maintainer needs more info) | Normal | Feature request | main | file system | 18 | 7 months 3 weeks | 8 years 8 months |
Pages
Subscribe with RSS 