View Issue Details

ID: 16969
Project: Bug reports
Category: Security
View Status: public
Last Update: 2021-01-12 15:04
Reporter: DenisChenu
Assigned To: c_schmitz
Priority: none
Severity: minor
Status: assigned
Resolution: open
Product Version: 3.25.6
Summary: 16969: Allow new file after update
Description

After this commit: https://github.com/LimeSurvey/LimeSurvey/commit/756c1687ab30cebe8849aa9ca9ffda79cd6ed647

If the admin user disallows gif and ico, they are allowed again

Steps To Reproduce
  • Use 3.25.6+201229
  • set allowedthemeuploads to jpg,png,css,js,map,json,eot,ttf,woff,txt,md,xml,woff2,twig
  • update to 3.25.6+201229
  • can upload ico file
Additional Information

https://github.com/LimeSurvey/LimeSurvey/commit/68ce18e22194171e1c56c27f36ad7ce5b34adc8a#commitcomment-45721331

We can check both

&& in_array($extension,explode(",",Yii::app()->getConfig('allowedthemeuploads')))
&& in_array($extension,array('ico','jpg','png','jpe','webp','gif'))
Tags: No tags attached.
Complete LimeSurvey version number (& build): 3.25.7+210113
I will donate to the project if issue is resolved: No
Browser: not relevant
Database & DB-Version: not relevant
Server OS (if known): not relevant
Webserver software & version (if known): not relevant
PHP Version: not relevant
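
The two conditions proposed under Additional Information, shown side by side with a check that consults only the hard-coded image list. This is an added PHP example, not LimeSurvey's code and not from the reporter; it assumes the regressed check looks only at the hard-coded list, and the function names and sample file names are hypothetical.

```php
<?php
// Added example, not LimeSurvey code. Function and file names are hypothetical.

// Image extensions hard-coded in the condition quoted in the report.
const IMAGE_EXTENSIONS = ['ico', 'jpg', 'png', 'jpe', 'webp', 'gif'];

/** Lower-cased final extension of a file name, '' if there is none. */
function uploadExtension(string $filename): string
{
    return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
}

/** Parse a comma-separated setting such as allowedthemeuploads into a clean list. */
function parseAllowedList(string $csv): array
{
    $items = array_map('trim', explode(',', strtolower($csv)));
    return array_values(array_filter($items, 'strlen')); // drop empty entries
}

/** Assumed regression: only the hard-coded list is consulted. */
function isImageAllowedHardcodedOnly(string $filename): bool
{
    return in_array(uploadExtension($filename), IMAGE_EXTENSIONS, true);
}

/** Both checks from the report: admin setting AND hard-coded image list. */
function isImageAllowedBoth(string $filename, string $allowedThemeUploads): bool
{
    $extension = uploadExtension($filename);
    return $extension !== ''
        && in_array($extension, parseAllowedList($allowedThemeUploads), true)
        && in_array($extension, IMAGE_EXTENSIONS, true);
}

// Setting from the steps to reproduce: gif and ico removed by the administrator.
$setting = 'jpg,png,css,js,map,json,eot,ttf,woff,txt,md,xml,woff2,twig';

foreach (['favicon.ico', 'logo.PNG', 'anim.gif', 'theme.css', 'noext'] as $name) {
    printf(
        "%-12s hard-coded only: %-5s both checks: %s\n",
        $name,
        var_export(isImageAllowedHardcodedOnly($name), true),
        var_export(isImageAllowedBoth($name, $setting), true)
    );
}
```

With the intersection, an extension the administrator removed from allowedthemeuploads stays rejected even when it appears in the hard-coded list.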

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-01-12 15:04 DenisChenu New Issue
2021-01-12 15:04 DenisChenu Status new => assigned
2021-01-12 15:04 DenisChenu Assigned To => c_schmitz