View Issue Details

This bug affects 1 person(s).
IDProjectCategoryView StatusLast Update
19098Bug reportsPluginspublic2023-10-13 15:42
ReporterMazi Assigned Toc_schmitz  
Status assignedResolutionreopened 
Product Version5.6.x 
Summary19098: Add XSD files to allowed files for plugin uploads

At the core config-defaults.php the following file types are allowed for plugin uploads:
$config['allowedpluginuploads'] = 'gif,ico,jpg,png,css,js,map,json,eot,otf,ttf,woff,txt,md,xml,woff2,twig,php,html,po,mo';

Especially for authentication plugins using SAML or similar technology, being able to include XSD files is essential. An XSD file is plain text and holds details about the elements and attributes that can be part of an XML document, see

Please add XSD to the list of allowed file types so users can upload such plugins.
This would be needed for LS 5.x and 6.x.

Steps To Reproduce

Steps to reproduce

Import a plugin including an XSD file.

Expected result

Import should work fine since XSD is essential for some plugins to work fine.

Actual result

The plugin can not be installed since XSD files are not yet allowed to be used.

TagsNo tags attached.
Bug heat10
Complete LimeSurvey version number (& build)5.6.33+230808
I will donate to the project if issue is resolvedNo
Database type & versionMySQL
Server OS (if known)
Webserver software & version (if known)
PHP VersionPHP 7.4

Users monitoring this issue

User List There are no users monitoring this issue.




2023-09-21 15:29

updater   ~77223

@c_schmitz, according to @DenisChenu we already allow JS and PHP so compared to that allowing XSD should do no harm. Can we add this?



2023-09-21 15:56

administrator   ~77225

yes, create a tiny PR. please.



2023-09-28 12:34

reporter   ~77394



2023-09-28 14:24

updater   ~77401

@c_schmitz, please find the requested pull request at

Please merge into 3.x, 5.x and 6.x.




2023-09-28 14:40

viewer   ~77404

Fix committed to master branch:



2023-10-04 11:28

administrator   ~77496

Fixed in Release 6.2.10+231004



2023-10-13 15:21

updater   ~77694

Re-opening this one since the fix was only pushed to 6.x.

@c_schmitz, can you pelase do me a favor and add the same fix to 5.x as well. For this version the bug report was initially opened because 6.x is not that widely used yet.
If you'd like to do me a bug favor, please also add the fix to 3.x (should be a piece of cake to cherry pick it). Because that version is still used a lot.


Related Changesets

LimeSurvey: master 6d8bd27f

2023-09-28 14:26:06


Committer: GitHub Details Diff
Fixed issue 19098: Add XSD files to allowed files for plugin uploads Affected Issues
mod - application/config/config-defaults.php Diff File

Issue History

Date Modified Username Field Change
2023-09-19 09:33 Mazi New Issue
2023-09-21 15:29 Mazi Note Added: 77223
2023-09-21 15:29 Mazi Bug heat 0 => 2
2023-09-21 15:56 c_schmitz Note Added: 77225
2023-09-21 15:56 c_schmitz Bug heat 2 => 4
2023-09-28 12:34 bismark Note Added: 77394
2023-09-28 12:34 bismark Bug heat 4 => 6
2023-09-28 14:23 Mazi Assigned To => c_schmitz
2023-09-28 14:23 Mazi Status new => assigned
2023-09-28 14:24 Mazi Note Added: 77401
2023-09-28 14:40 bismark Changeset attached => LimeSurvey master 6d8bd27f
2023-09-28 14:40 guest Note Added: 77404
2023-09-28 14:40 guest Bug heat 6 => 8
2023-10-04 11:28 LimeBot Note Added: 77496
2023-10-04 11:28 guest Bug heat 8 => 10
2023-10-04 11:28 LimeBot Status assigned => closed
2023-10-04 11:28 LimeBot Resolution open => fixed
2023-10-13 15:21 Mazi Status closed => feedback
2023-10-13 15:21 Mazi Resolution fixed => reopened
2023-10-13 15:21 Mazi Note Added: 77694
2023-10-13 15:42 tibor.pacalat Status feedback => assigned