New IMPORT_FORMATS
setting does not prevent POST of incorrect type
#1617
Labels
IMPORT_FORMATS
setting does not prevent POST of incorrect type
#1617
Describe the bug
In PR #1606 we now have the ability to limit which formats can be imported. However this is a front end constraint only and you can still POST an undefined format.
To Reproduce
The test in the attached patch proves the issue.
IMPORT_FORMATS
are limited to 'csv' but you can POST a tsv. This format does not get processed correctly (fails with errors), however processing should not be allowed at all, otherwise it is a potential security issue.Versions (please complete the following information):
Expected behavior
I would expect to see an error message stating that the tsv format is not allowed.
Additional context
Apply attached patch with
git apply post-incorrect-type.txt
post-incorrect-type.txt
use the attached books.txt
(but rename to books.tsv and put in tests/core/exports)
These changes are in a branch here
The text was updated successfully, but these errors were encountered: