Uploaded image for project: 'Ibexa IBX'
  1. Ibexa IBX
  2. IBX-6185

Add more PHP file types to default upload blocklist

    XMLWordPrintable

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Medium Medium
    • 2.5.32, 4.6.0-beta2, 3.3.34, 4.5.2
    • 2.5.31, 4.5.0, 4.6.0-beta1, 3.3.33
    • None
    • None

    Description

      The file upload blocklist includes file types that are not allowed to be uploaded.
      https://github.com/ibexa/core/blob/main/src/bundle/Core/Resources/config/default_settings.yml#L111

      Some variants of PHP file types are not included by default, we should add them: php4, php5, phps
      v2.5: https://github.com/ezsystems/ezpublish-kernel/pull/3153 (merged)
      >= v3.3: https://github.com/ezsystems/ezplatform-kernel/pull/379 (merged)

      We should also document this blocklist on our security checklist page.
      PR: https://github.com/ezsystems/developer-documentation/pull/2059 (merged)

      Designs

        Attachments

          Activity

            People

              Unassigned Unassigned
              gunnstein.lye@ibexa.co Gunnstein Lye
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: