Invalid names generated for uploads with unknown extensions
|Reported by:||Nazgul||Owned by:||markjaquith|
|Severity:||normal||Keywords:||has-patch needs-testing dev-reviewed|
It is possible for someone with the unfiltered_upload capability to upload attachments with unknown extensions. There is a bug which generates the filename in that instance, which results in a file called test.phps to be uploades as testphps..phps.
This is caused by the extension guesing code leaving the . before the extension, which is added again later on, making a few replaces fail.
Change History (4)
comment:1 markjaquith — 6 years ago
- Keywords needs-testing dev-feedback added
- Owner changed from anonymous to markjaquith
- Status changed from new to assigned