-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
You have tried to upload file(s) that are not safe. #15466
Conversation
@@ -40,6 +40,7 @@ COM_MEDIA_ERROR_UNABLE_TO_DELETE=" Unable to delete: " | |||
COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE="Unable to upload file." | |||
COM_MEDIA_ERROR_UPLOAD_INPUT="Please input a file to upload" | |||
COM_MEDIA_ERROR_WARNFILENAME="File name must only contain alphanumeric characters and no spaces." | |||
COM_MEDIA_ERROR_WARNFILENOTSAFE="You have tryed to upload file(s) that are not safe." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be 'you tried to...'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
correct it should be tried
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks fixed with the last commit.
this only fixes the issue for upload done in com_media, but not from other code using jinputfile get function... I still think raising an exception there is necessary, and here you should catch it instead of testing for empty $files |
i have just replyed to the other issue please open a PR with that exeption against the 4.0 branch and test the temp fix here. Thanks |
@zero-24 can you say a extension using com_media to test correctly? |
You can try to upload any extension (zip file) using com_media. I have tried a custom extension one. |
@zero-24 can you give me a Name for an Extension using com_media? |
Ah than you missunderstood that. You should just try to upload a zip file containing a extension. (or any other PHP code) Like the weblinks package. As this is marked as unsafe file. The extension itself do not matter :) |
I have tested this item ✅ successfully on 1bc78ff This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15466. |
Please reassign Milestone 3.7.1. Was removed cause set "Easy Test" on "Yes". |
@@ -40,7 +40,7 @@ COM_MEDIA_ERROR_UNABLE_TO_DELETE=" Unable to delete: " | |||
COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE="Unable to upload file." | |||
COM_MEDIA_ERROR_UPLOAD_INPUT="Please input a file to upload" | |||
COM_MEDIA_ERROR_WARNFILENAME="File name must only contain alphanumeric characters and no spaces." | |||
COM_MEDIA_ERROR_WARNFILENOTSAFE="You have tryed to upload file(s) that are not safe." | |||
COM_MEDIA_ERROR_WARNFILENOTSAFE="You have tried to upload file(s) that are not safe." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about This file(s) is unsafe to upload.
to be consistent with sentence structure as the following line?
Would be great to get some testers here? ;) |
@zero-24 I will test this, give me one hour :) |
I have tested this item ✅ successfully on 9304662 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15466. |
Thanks. |
Pull Request for Issue #8903
Summary of Changes
If there is no info returned from
JInputFiles get()
you have tryed to upload unsave content. -> Tell that to the user.Testing Instructions
Try to upload a zip file containing php scripts e.g. a extension using com_media.
Expected result
Error message:
You have tryed to upload a save file that is not save.
Actual result
No message
Documentation Changes Required
None.