Mahara

Allow the site to restrict what files are allowed to be uploaded

Bug #1855351 reported by Robert Lyon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Wishlist
Robert Lyon
Mahara 20.04.0

Bug Description

Currently a site can allow users to upload any file type.

But in some cases Mahara sites would want to restrict what can be uploaded to avoid users uploading malicious files or files that serve no purpose for portfolio creation, eg .bat or .exe files

To avoid this we could have a config.php setting that whitelists what file extensions are ok and display to the user what files extensions are allowed

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/10645

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/10645
Committed: https://git.mahara.org/mahara/mahara/commit/a064f3d60cc5ee7be39c66fce9a8d241ce286f5b
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit a064f3d60cc5ee7be39c66fce9a8d241ce286f5b
Author: Robert Lyon <email address hidden>
Date: Fri Dec 6 12:33:53 2019 +1300

Bug 1855351: Allow restriction of file uploads to a whitelist

This patch allows:
- the setting of a whitelist via a config setting
- check if file extension is in the whitelist
- check if the mimetype matches expected mimetype

behatnotneeded

Change-Id: Ie20726870d45e5eff7bf076e55ec694145e7a7ac
Signed-off-by: Robert Lyon <email address hidden>

Cecilia Vela Gurovic (ceciliavg)
Changed in mahara:
status: In Progress → Fix Committed
Kristina Hoeppner (kris-hoeppner)
tags: added: nominatedfeature
Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.