Affects Version/s: 1.9.0-beta1
Fix Version/s: QA tracked issues
Component/s: Platform > Multi-upload
Operating System: Debian 8
PHP Version: 5.6.30-0+deb8u1
Database and version: MySQL 5.5.54-0+deb8u1
Browser (and version): Firefox 52
I'm not sure if this applies as an issue, so please evaluate it.
- If I try to create an "image" using an image file renamed with a "php" extension, I'm unable to do so. - ok
- If I try to create one "file1.php" using the same renamed image file, then the file is created - ok
- If I try to create one "file2.php" using a valid php file, the file is created - ok as well
The part where I don't know if it might be a problem (a security one due to eventual php injection...?) is that "file1.php" is saved to "web/var/site/storage/original/image" and the second one, "file2.php", is saved to "web/var/site/storage/original/text".
So it seems that the file type is validated at the moment of upload, and the location where the file is stored then depends on that validation.
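
The report describes stored files that keep the client-supplied ".php" name while the directory follows the detected type. As an added example (not eZ Platform code and not written by the reporter), the following upload policy derives both the directory and the stored extension from the sniffed content, so nothing under the web root ends in ".php". `planStorage()` and `BUCKETS` are hypothetical names, the sample bytes are constructed, and PHP's fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not eZ Platform code. planStorage() and BUCKETS are hypothetical.
// Assumption: the fileinfo extension is enabled.

// Sniffed MIME type => [storage bucket, extension chosen by the server].
const BUCKETS = [
    'image/png'  => ['image', 'png'],
    'image/jpeg' => ['image', 'jpg'],
    'image/gif'  => ['image', 'gif'],
    'text/plain' => ['text',  'txt'],
];

// Returns [bucket, storedName]; throws for content that is not allow-listed.
function planStorage($clientName, $bytes)
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!isset(BUCKETS[$mime])) {
        // Script types such as text/x-php, and anything unknown, stop here.
        throw new RuntimeException("rejected: $mime");
    }
    list($bucket, $ext) = BUCKETS[$mime];
    // Text that carries a PHP open tag is refused even when sniffed as plain text.
    if ($bucket === 'text' && preg_match('/<\?(php|=)/i', $bytes)) {
        throw new RuntimeException('rejected: PHP open tag in text upload');
    }
    // Keep a sanitized base name only; the client's extension is discarded.
    $base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($clientName, PATHINFO_FILENAME));
    if ($base === '') {
        $base = 'upload';
    }
    return [$bucket, $base . '.' . $ext];
}

// Constructed samples mirroring the report: a PNG header and a PHP script,
// both uploaded under a ".php" name, plus an ordinary text file.
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" . pack('NN', 1, 1) . "\x08\x06\x00\x00\x00";
$samples = [
    'file1.php' => $png,
    'file2.php' => "<?php echo 'hello';\n",
    'notes.txt' => "plain text upload\n",
];
foreach ($samples as $name => $bytes) {
    try {
        list($bucket, $stored) = planStorage($name, $bytes);
        echo "$name -> storage/original/$bucket/$stored\n";
    } catch (RuntimeException $e) {
        echo "$name -> " . $e->getMessage() . "\n";
    }
}
```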