[Koha-bugs] [Bug 27286] Patron picture-upload.pl allows arbitrary file extension during upload
bugzilla-daemon at bugs.koha-community.org
Mon Dec 21 08:25:14 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27286
Saiful Amin <saiful at semanticconsulting.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |In Discussion
--- Comment #1 from Saiful Amin <saiful at semanticconsulting.com> ---
I have tested the following changes to fix both the issues. Need someone to
test and approve (I don't have the full environment to submit the patch).
/usr/share/koha/intranet/cgi-bin/tools/picture-upload.pl
Line: 96++
output_and_exit( $input, $cookie, $template, 'wrong_image_file_ext' )
unless $uploadfilename =~ m/^[^\.]+\.(png|gif|jpg|jpeg|xpm)$/i;
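Review bot: in the regex on the `unless` line, `$` also matches just before a trailing newline, so a file name that ends in a newline after `.jpg` still passes; anchor the end with `\z` instead. The `[^\.]+` part also rejects any name with a dot in its base (for example `j.smith.jpg`), which fits the "double extension" wording of the error but deserves a comment above the check. The test covers only the name in `$uploadfilename`, not the content of the uploaded file.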
/usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/includes/blocking_errors.inc
Line: 9++
[% CASE 'wrong_image_file_ext' %]
<div class="dialog message">Wrong image file extension or double
extension in file name</div>
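Review bot: the message text in the `<div>` does not say which extensions are accepted; consider listing png, gif, jpg, jpeg and xpm, the ones the regex added to picture-upload.pl allows, so the user can correct the file name without guessing.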
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.