Mahara

Allow the site to restrict what files are allowed to be uploaded

Bug #1855351 reported by Robert Lyon on 2019-12-05

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

Mahara

Fix Released

Wishlist

Robert Lyon

Mahara 20.04.0

You need to log in to change this bug's status.

Affecting:	Mahara
Filed here by:	Robert Lyon
When:	2019-12-05
Confirmed:	2019-12-05
Assigned:	2019-12-05
Started work:	2019-12-05
Completed:	2020-04-29

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance	Milestone
	Wishlist	Mahara 20.04.0

Assigned to

	Me
	Robert Lyon (robertl-9)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

Currently a site can allow users to upload any file type.

But in some cases Mahara sites would want to restrict what can be uploaded to avoid users uploading malicious files or files that serve no purpose for portfolio creation, eg .bat or .exe files

To avoid this we could have a config.php setting that whitelists what file extensions are ok and display to the user what files extensions are allowed

Tags: Edit Tag help

Mahara Bot (dev-mahara) wrote on 2019-12-05: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/10645

Mahara Bot (dev-mahara) wrote on 2020-01-07: A change has been merged

Reviewed: https://reviews.mahara.org/10645
Committed: https://git.mahara.org/mahara/mahara/commit/a064f3d60cc5ee7be39c66fce9a8d241ce286f5b
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit a064f3d60cc5ee7be39c66fce9a8d241ce286f5b
Author: Robert Lyon <email address hidden>
Date: Fri Dec 6 12:33:53 2019 +1300

Bug 1855351: Allow restriction of file uploads to a whitelist

This patch allows:
- the setting of a whitelist via a config setting
- check if file extension is in the whitelist
- check if the mimetype matches expected mimetype

behatnotneeded

Change-Id: Ie20726870d45e5eff7bf076e55ec694145e7a7ac
Signed-off-by: Robert Lyon <email address hidden>

Cecilia Vela Gurovic (ceciliavg) on 2020-01-07

Changed in mahara:
status:	In Progress → Fix Committed

Kristina Hoeppner (kris-hoeppner) on 2020-04-01

tags:

added: nominatedfeature

Robert Lyon (robertl-9) on 2020-04-29

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers