You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ZIP file in question is very mundane - it is just a simple job application pack containing PDF and DOCX files. It is attached. It triggers the check for the .py extension - if you grep this ZIP file it will match this command:
grep "\.py" SDT\ Teacher\ Application\ Pack.zip
I am not sure why this filter checks for instances of a string file extension on binary files, this file just by coincidence results in a match when searching for ".py", despite it not containing any files of that extension.
The text was updated successfully, but these errors were encountered:
Steps to reproduce the issue
Upload the ZIP file referenced in the additional comments section below.
Expected result
The ZIP is successfully uploaded.
Actual result
The ZIP fails to upload, it is filtered by
InputFilter::isSafeFile
.System information (as much as possible)
Debian 9 x64
PHP 7.2.33
Joomla! 3.9.21
Additional comments
I have traced the error down to this specific check in
InputFilter::isSafeFile
:https://github.com/joomla/joomla-cms/blob/staging/libraries/src/Filter/InputFilter.php#L720
Here is a link to the affected ZIP file (managed to upload by commenting out the
return false;
statement in the above check): https://www.limingtonhouseschool.co.uk/files/SDT%20Teacher%20Application%20Pack.zipThe ZIP file in question is very mundane - it is just a simple job application pack containing PDF and DOCX files. It is attached. It triggers the check for the
.py
extension - if yougrep
this ZIP file it will match this command:grep "\.py" SDT\ Teacher\ Application\ Pack.zip
I am not sure why this filter checks for instances of a string file extension on binary files, this file just by coincidence results in a match when searching for ".py", despite it not containing any files of that extension.
The text was updated successfully, but these errors were encountered: