You have tried to upload file(s) that are not safe. #15466
Conversation
zero-24
changed the title
| @@ -40,6 +40,7 @@ COM_MEDIA_ERROR_UNABLE_TO_DELETE=" Unable to delete: " | |||
| COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE="Unable to upload file." | |||
| COM_MEDIA_ERROR_UPLOAD_INPUT="Please input a file to upload" | |||
| COM_MEDIA_ERROR_WARNFILENAME="File name must only contain alphanumeric characters and no spaces." | |||
| COM_MEDIA_ERROR_WARNFILENOTSAFE="You have tryed to upload file(s) that are not safe." | |||
There was a problem hiding this comment.
should be 'you tried to...'
There was a problem hiding this comment.
correct it should be tried
There was a problem hiding this comment.
Thanks fixed with the last commit.
|
this only fixes the issue for upload done in com_media, but not from other code using jinputfile get function... I still think raising an exception there is necessary, and here you should catch it instead of testing for empty $files |
|
i have just replyed to the other issue please open a PR with that exeption against the 4.0 branch and test the temp fix here. Thanks |
zero-24
changed the title
|
@zero-24 can you say a extension using com_media to test correctly? |
|
You can try to upload any extension (zip file) using com_media. I have tried a custom extension one. |
|
@zero-24 can you give me a Name for an Extension using com_media? |
|
Ah than you missunderstood that. You should just try to upload a zip file containing a extension. (or any other PHP code) Like the weblinks package. As this is marked as unsafe file. The extension itself do not matter :) |
|
I have tested this item ✅ successfully on 1bc78ff This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15466. |
|
Please reassign Milestone 3.7.1. Was removed cause set "Easy Test" on "Yes". |
| @@ -40,7 +40,7 @@ COM_MEDIA_ERROR_UNABLE_TO_DELETE=" Unable to delete: " | |||
| COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE="Unable to upload file." | |||
| COM_MEDIA_ERROR_UPLOAD_INPUT="Please input a file to upload" | |||
| COM_MEDIA_ERROR_WARNFILENAME="File name must only contain alphanumeric characters and no spaces." | |||
| COM_MEDIA_ERROR_WARNFILENOTSAFE="You have tryed to upload file(s) that are not safe." | |||
| COM_MEDIA_ERROR_WARNFILENOTSAFE="You have tried to upload file(s) that are not safe." | |||
There was a problem hiding this comment.
How about This file(s) is unsafe to upload. to be consistent with sentence structure as the following line?
|
Would be great to get some testers here? ;) |
|
@zero-24 I will test this, give me one hour :) |
|
I have tested this item ✅ successfully on 9304662 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15466. |
|
Thanks. |
Pull Request for Issue #8903
Summary of Changes
If there is no info returned from
JInputFiles get()you have tryed to upload unsave content. -> Tell that to the user.Testing Instructions
Try to upload a zip file containing php scripts e.g. a extension using com_media.
Expected result
Error message:
You have tryed to upload a save file that is not save.Actual result
No message
Documentation Changes Required
None.