Joomla! Issue Tracker | Joomla! CMS #15466 - You have tried to upload file(s) that are not safe.

? ? ?

Fixed in Code Base
15 Aug 2017
Medium
Build: staging
Easy Test
# 15466
Diff
zero-24:filesupload

Success

Success continuous-integration/travis-ci/pr The Travis CI build passed Details
Success continuous-integration/appveyor/pr AppVeyor build succeeded Details

User tests: Successful: Unsuccessful:

zero-24
21 Apr 2017

Pull Request for Issue #8903

Summary of Changes

If there is no info returned from JInputFiles get() you have tryed to upload unsave content. -> Tell that to the user.

Testing Instructions

Try to upload a zip file containing php scripts e.g. a extension using com_media.

Expected result

Error message: You have tryed to upload a save file that is not save.

Actual result

No message

Documentation Changes Required

None.

808f20c 21 Apr 2017

You have tryed to upload a save file that is not save.

dc90be3 21 Apr 2017

language string

zero-24 - open - 21 Apr 2017

zero-24 - change - 21 Apr 2017

Status

New

⇒

Pending

zero-24 - change - 21 Apr 2017

Milestone

Added:

joomla-cms-bot - change - 21 Apr 2017

Category

⇒

Administration com_media Language & Strings

zero-24 - change - 21 Apr 2017

Title

…

You have tryed to upload ~~a save file that is not sav~~e.

You have tryed to upload file(s) that are not safe.

zero-24 - edited - 21 Apr 2017

zero-24 - change - 21 Apr 2017

Title

…

You have tryed to upload ~~a save file that is not sav~~e.

You have tryed to upload file(s) that are not safe.

1bc78ff 21 Apr 2017

fix message thanks @julienV and @brianteeman

zero-24 - change - 21 Apr 2017

Labels

Added: ? ?

julienV - comment - 21 Apr 2017

this only fixes the issue for upload done in com_media, but not from other code using jinputfile get function... I still think raising an exception there is necessary, and here you should catch it instead of testing for empty $files

zero-24 - comment - 21 Apr 2017

i have just replyed to the other issue please open a PR with that exeption against the 4.0 branch and test the temp fix here. Thanks

zero-24 - change - 21 Apr 2017

Title

…

You have tryed to upload file(s) that are not safe.

You have tried to upload file(s) that are not safe.

zero-24 - edited - 21 Apr 2017

zero-24 - change - 21 Apr 2017

Title

…

You have tryed to upload file(s) that are not safe.

You have tried to upload file(s) that are not safe.

franz-wohlkoenig - comment - 22 Apr 2017

@zero-24 can you say a extension using com_media to test correctly?

zero-24 - comment - 22 Apr 2017

You can try to upload any extension (zip file) using com_media. I have tried a custom extension one.

franz-wohlkoenig - comment - 22 Apr 2017

@zero-24 can you give me a Name for an Extension using com_media?

zero-24 - comment - 22 Apr 2017

Ah than you missunderstood that. You should just try to upload a zip file containing a extension. (or any other PHP code)

Like the weblinks package. As this is marked as unsafe file. The extension itself do not matter :)

franz-wohlkoenig - comment - 22 Apr 2017

I have tested this item ✅ successfully on 1bc78ff

Tried upload com_patchtester.zip in "Media", got expected Error Message.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15466.}

franz-wohlkoenig - test_item - 22 Apr 2017 - Tested successfully

joomla-cms-bot - change - 22 Apr 2017

Milestone

Removed:

franz-wohlkoenig - change - 22 Apr 2017

Easy

⇒

Yes

franz-wohlkoenig - comment - 22 Apr 2017

Please reassign Milestone 3.7.1. Was removed cause set "Easy Test" on "Yes".

infograf768 - change - 22 Apr 2017

Milestone

Added:

wilsonge - change - 2 May 2017

Milestone

Removed:

dd41994 27 May 2017

Merge branch 'staging' into filesupload

brianteeman - change - 8 Jun 2017

Milestone

Added:

brianteeman - change - 8 Jun 2017

Milestone

Added:

brianteeman - change - 8 Jun 2017

Milestone

Removed:

brianteeman - change - 8 Jun 2017

Milestone

Removed:

4301ec3 14 Jun 2017

Merge branch 'staging' of github.com:joomla/joomla-cms into filesupload

9600841 14 Jun 2017

Merge branch 'filesupload' of github.com:zero-24/joomla-cms into filesupload

9304662 25 Jun 2017

Merge branch 'staging' of github.com:/joomla/joomla-cms into filesupload

zero-24 - comment - 13 Aug 2017

Would be great to get some testers here? ;)

wojsmol - comment - 13 Aug 2017

@zero-24 I will test this, give me one hour :)

wojsmol - test_item - 13 Aug 2017 - Tested successfully

wojsmol - comment - 13 Aug 2017

I have tested this item ✅ successfully on 9304662

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15466.}

zero-24 - comment - 13 Aug 2017

Thanks.

zero-24 - change - 13 Aug 2017

Status	Pending	⇒	Ready to Commit
Labels

mbabker - change - 15 Aug 2017

Status	Ready to Commit	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2017-08-15 12:15:21
Closed_By		⇒	mbabker
Labels	Added: ?

mbabker - close - 15 Aug 2017

mbabker - merge - 15 Aug 2017

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#15466] - You have tried to upload file(s) that are not safe.

Summary of Changes

Testing Instructions

Expected result

Actual result

Documentation Changes Required

Add a Comment