[#16890] - Define Legal Image Extensions (File Types) dynamically according to t…
- Closed
- 20 Jun 2020
- Medium
- Build: staging
- # 16890
- Diff
- wenmengyu:CustomLegalImageExtensions
- Success hound No violations found. Woof! Details
- Success continuous-integration/drone/pr the build was successful Details
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success continuous-integration/appveyor/pr AppVeyor build succeeded Details
- Error continuous-integration/jenkins/pr-merge This commit cannot be built Details
User tests: Successful: Unsuccessful:
…he media component
Pull Request for Issue # .
Summary of Changes
Testing Instructions
In the media component of the configuration Media: Options in the field of Legal Image Extensions (File Types) to increase the need to extend the image extension (svg) using field type media can choose (svg) Legal Image Extensions picture file
Expected result
Actual result
Documentation Changes Required
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration com_media |
| Labels |
Added:
?
|
||
Testing Instructions
In the media component of the configuration Media: Options in the field of Legal Image Extensions (File Types) to increase the need to extend the image extension (svg) using field type media can choose (svg) Legal Image Extensions picture file
Not sure I understand as we can't upload .svg files in the Media Manager as we get an error of possible IE XSS attack
See https://issues.joomla.org/tracker/joomla-cms/4674
BTW, the MIME Type is image/svg+xml
As long as svg is only something that a site owner can enable and is not enabled by default I don't see any issue
Not sure you understand: as far as I tested, this patch does not let upload a .svg file in Joomla, even after adding correctly the legal extensions, legal image extensions and mime-type.
So what does it do then?
(sent from the plane ✈)
On 29 Jun 2017 10:46 am, "infograf768" notifications@github.com wrote:
Not sure you understand: as far as I tested, this patch does not let
upload a .svg file in Joomla, even after adding correctly the legal
extensions, legal image extensions and mime-type.—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#16890 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8cj4RFCmX70iN7nrZIFw5ELgko_Lks5sI2RhgaJpZM4OHjIr
.
Looks like it lets display and choose an .svg file in the list when Inserting an image using the Image button . The .svg file would have been manually uploaded before in the images folder.
About svg vulnerabilities, read
https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf
If that's what it does then it's not a problem
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-06-20 21:05:45 |
| Closed_By | ⇒ | Quy |
can you please write Test instructions?