Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No check for allowed mime types in selectors #1986

Closed
vbradnitski opened this issue Jun 19, 2020 · 0 comments
Closed

No check for allowed mime types in selectors #1986

vbradnitski opened this issue Jun 19, 2020 · 0 comments
Assignees
@vbradnitski
Labels
Bug Something isn't working
Milestone
3.0.1

Comments

@vbradnitski
Copy link
Contributor

@vbradnitski commented on Thu Jun 18 2020

@alansemenov commented on Tue May 12 2020

In ImageSelector and MediaSelector we define file extensions that are allowed to be selected in the native file browser dialog. It's possible to work around this restriction by switching from "Customized Files" to "All files" and select ANY file, which will then be uploaded even though it might be of incorrect type, not supported by this selector.

Since we cannot do anything about this behaviour in the native dialog, we should have an additional check/filter on the server which will verify uploaded file against allowed types for the input type.

image

image
@vbradnitski vbradnitski self-assigned this Jun 19, 2020
vbradnitski added a commit that referenced this issue Jun 19, 2020
@vbradnitski
Possible to upload an attachment of unallowed type in selectors #1986
ab548cf
@alansemenov alansemenov changed the title Possible to upload an attachment of unallowed type in selectors Set allowed mime types for image selector Jun 22, 2020
@alansemenov alansemenov added Improvement Suggestion for improvement Not in Changelog labels Jun 22, 2020
alansemenov pushed a commit that referenced this issue Jun 22, 2020
@vbradnitski @alansemenov
Possible to upload an attachment of unallowed type in selectors #1986
206f727
alansemenov pushed a commit that referenced this issue Jun 22, 2020
@vbradnitski @alansemenov
Possible to upload an attachment of unallowed type in selectors #1986
3a64049 
(cherry picked from commit 206f727)
@alansemenov alansemenov added this to the 3.0.1 milestone Aug 13, 2020
@alansemenov alansemenov changed the title Set allowed mime types for image selector No check for allowed mime types in selectors Aug 13, 2020
@alansemenov alansemenov added Bug Something isn't working and removed Improvement Suggestion for improvement Not in Changelog labels Aug 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vbradnitski vbradnitski

Labels
Bug Something isn't working
Projects
None yet
Milestone
3.0.1
Development

No branches or pull requests
2 participants
@vbradnitski @alansemenov