16969: Allow new file after update - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

16969	Bug reports	Security	public	2021-01-12 15:04	2021-07-13 08:35

Reporter	DenisChenu	Assigned To	c_schmitz
Priority	none	Severity	minor
Status	closed	Resolution	won't fix
Product Version	3.25.6

Summary	16969: Allow new file after update
Description	After this commit : https://github.com/LimeSurvey/LimeSurvey/commit/756c1687ab30cebe8849aa9ca9ffda79cd6ed647 If admin user disallow gif and ico : it's allwed again
Steps To Reproduce	Use 3.25.6+201229 set `allowedthemeuploads` to `jpg,png,css,js,map,json,eot,ttf,woff,txt,md,xml,woff2,twig` update to 3.25.6+201229 can upload `ico` file
Additional Information	https://github.com/LimeSurvey/LimeSurvey/commit/68ce18e22194171e1c56c27f36ad7ce5b34adc8a#commitcomment-45721331 We can check both `&& in_array($extension,explode(",",Yii::app()->getConfig('allowedthemeuploads'))) && in_array($extension,array('ico','jpg','png','jpe','webp','gif'))`
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	3.25.7+210113
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	not relevant
Server OS (if known)	not relevant
Webserver software & version (if known)	not relevant
PHP Version	not relevant

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2021-01-12 15:04	DenisChenu	New Issue
2021-01-12 15:04	DenisChenu	Status	new => assigned
2021-01-12 15:04	DenisChenu	Assigned To	=> c_schmitz
2021-07-13 08:35	c_schmitz	Status	assigned => closed
2021-07-13 08:35	c_schmitz	Resolution	open => won't fix
2021-07-13 08:35	c_schmitz	Note Added: 65407

c_schmitz 2021-07-13 08:35 administrator ~65407	Yeah, it is not perfect but checking for both would also not be correct so I we will leave it as it is.