Allow the site to restrict what files are allowed to be uploaded

Bug #1855351 reported by Robert Lyon on 2019-12-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Wishlist
Robert Lyon

Bug Description

Currently a site can allow users to upload any file type.

But in some cases Mahara sites would want to restrict what can be uploaded to avoid users uploading malicious files or files that serve no purpose for portfolio creation, eg .bat or .exe files

To avoid this we could have a config.php setting that whitelists what file extensions are ok and display to the user what files extensions are allowed

Reviewed: https://reviews.mahara.org/10645
Committed: https://git.mahara.org/mahara/mahara/commit/a064f3d60cc5ee7be39c66fce9a8d241ce286f5b
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit a064f3d60cc5ee7be39c66fce9a8d241ce286f5b
Author: Robert Lyon <email address hidden>
Date: Fri Dec 6 12:33:53 2019 +1300

Bug 1855351: Allow restriction of file uploads to a whitelist

This patch allows:
- the setting of a whitelist via a config setting
- check if file extension is in the whitelist
- check if the mimetype matches expected mimetype

behatnotneeded

Change-Id: Ie20726870d45e5eff7bf076e55ec694145e7a7ac
Signed-off-by: Robert Lyon <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
tags: added: nominatedfeature
Robert Lyon (robertl-9) on 2020-04-29
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers