Details
-
Bug
-
Resolution: Unresolved
-
Low
-
5.3.10
-
None
Description
This issue was discovering while testing another issue, under the 5.4.11 certification.
The tc-3228 test case, has the following step
5. Now try to upload a file that is an actual image, but which is renamed to an unavailable extension, such as a jpg file named "my_disguised_image.php".
I tried a variation of this step and renamed a php file to have jpg as extension.
eZP accepts it.
Steps to reproduce
- Create an invalid image
ls / > invalidImage.jpg
- Create a style package
- When the package manager asks to select an image, upload the {{ invalidImage.jpg}} file.
- Confirms it will accept that file as an image.