Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-27418

The package component allows non image files renamed with image extensions

    XMLWordPrintable

    Details

      Description

      This issue was discovering while testing another issue, under the 5.4.11 certification.

      The tc-3228 test case, has the following step

      5. Now try to upload a file that is an actual image, but which is renamed to an unavailable extension, such as a jpg file named "my_disguised_image.php".

      I tried a variation of this step and renamed a php file to have jpg as extension.

      eZP accepts it.

      Steps to reproduce
      • Create an invalid image
         ls / > invalidImage.jpg
      • Create a style package
      • When the package manager asks to select an image, upload the {{ invalidImage.jpg}} file.
      • Confirms it will accept that file as an image.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              eduardo.fernandes-obsolete@ez.no Eduardo Fernandes (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:

                Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 45 minutes
                45m