[Koha-bugs] [Bug 27286] New: Patron picture-upload.pl allows arbitrary file extension during upload
bugzilla-daemon at bugs.koha-community.org
Mon Dec 21 08:20:38 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27286
Bug ID: 27286
Summary: Patron picture-upload.pl allows arbitrary file extension during upload
Change sponsored?: ---
Product: Koha
Version: 20.05
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Patrons
Assignee: koha-bugs at lists.koha-community.org
Reporter: saiful at semanticconsulting.com
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
Created attachment 114546
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=114546&action=edit
Double extension or wrong extension in picture file upload

The IT team has flagged two issues with the picture upload tool (Patron Images
feature):
1. The tool allows upload of files with a double extension.
2. The tool allows upload of files with an arbitrary file extension.
In essence, the tool does not validate the image file restriction that is
mentioned at the top of the upload input tag, which is:
"Only PNG, GIF, JPEG, XPM formats are supported."
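
One way to enforce the restriction described in the report, as an added example that is not code from Koha or from the reporter. The helper name check_patron_image, the %FORMATS table and the one-dot filename policy are assumptions; the check on leading bytes goes beyond the extension problem reported, so that an allowed extension must also match the file content.

```perl
#!/usr/bin/perl
# Added example, not Koha code: allowlist check for an uploaded patron image.
use strict;
use warnings;

# The four formats named in the upload form hint, with the extensions
# accepted for each and the bytes a file of that format must start with.
my %FORMATS = (
    png  => { ext => ['png'],         magic => qr/\A\x89PNG\x0D\x0A\x1A\x0A/ },
    gif  => { ext => ['gif'],         magic => qr/\AGIF8[79]a/ },
    jpeg => { ext => ['jpg', 'jpeg'], magic => qr/\A\xFF\xD8\xFF/ },
    xpm  => { ext => ['xpm'],         magic => qr{\A/\* XPM \*/} },
);

# Hypothetical helper. $filename is the client-supplied name, $head the
# first bytes of the uploaded file. Returns the format name, or nothing.
sub check_patron_image {
    my ( $filename, $head ) = @_;

    # Assumed policy: exactly one dot and no path separators, so a
    # double extension or a missing extension is rejected outright.
    my ( $stem, $ext ) = $filename =~ /\A([^.\/\\]+)\.([A-Za-z0-9]+)\z/
        or return;
    $ext = lc $ext;

    for my $name ( sort keys %FORMATS ) {
        my $fmt = $FORMATS{$name};
        next unless grep { $_ eq $ext } @{ $fmt->{ext} };
        # Extension is on the allowlist; content must be the same format.
        return unless $head =~ $fmt->{magic};
        return $name;
    }
    return;    # extension not on the allowlist
}

# Constructed sample inputs: [ filename, first bytes of the file ].
my @samples = (
    [ 'patron1.png',     "\x89PNG\x0D\x0A\x1A\x0A" ],
    [ 'patron2.txt.jpg', "\xFF\xD8\xFF\xE0" ],    # double extension
    [ 'patron3.txt',     "\xFF\xD8\xFF\xE0" ],    # extension not allowed
    [ 'patron4.gif',     "plain text" ],          # content is not a GIF
);
for my $s (@samples) {
    my $fmt = check_patron_image(@$s);
    printf "%-16s %s\n", $s->[0], defined $fmt ? "accept ($fmt)" : 'reject';
}
```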