No Code Attached Yet bug
brianteeman
10 Jun 2020

With the new media manager it is possible to download or delete any file

Steps to reproduce the issue

  1. in the filesystem local plugin create a directory such as administrator
  2. in the media manager options set xml and php as allowed file types
  3. use the media manager to browse the administrator and to download and delete anything

Additional comments

You can say it's a stupid user issue but we know users are stupid

brianteeman - open - 10 Jun 2020
joomla-cms-bot - change - 10 Jun 2020
Labels Added: ?
joomla-cms-bot - labeled - 10 Jun 2020
gerryfrancis - comment - 10 Jun 2020

we know users are stupid

Actually some of them, yes. ;)

PhilETaylor - comment - 10 Jun 2020



Edit: ah, I see, by "everything" you mean you can manipulate it to delete xml/php as well as images, and not, as in the above issues, delete "everything" with just two clicks

Note that if you delete a FOLDER that contains xml/php/pdf and images, REGARDLESS of the allowed file types, ALL the files are deleted from that folder...

jwaisner - change - 10 Jun 2020
Status: New → Confirmed
Build: staging → 4.0-b2-dev
dgrammatiko - comment - 9 Nov 2021

Is this still valid?

brianteeman - comment - 9 Nov 2021

Yes I just deleted the api/languages folder

Hackwar - change - 20 Feb 2023
Labels Added: No Code Attached Yet bug
Removed: ?
Hackwar - labeled - 20 Feb 2023
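
Two defensive checks relevant to this report, as an added example that is not Joomla's code and not part of the original thread: reject a media root that resolves into a core directory such as administrator, and refuse a folder delete while the folder still holds files outside the allowed types (the behaviour PhilETaylor describes). The function names, the list of protected directories and the sample tree are assumptions made for the illustration.

```php
<?php
// Added illustration, not Joomla code. Function names and the deny list are assumptions.
const PROTECTED_TOP_LEVEL = ['administrator', 'api', 'components', 'includes', 'libraries', 'plugins'];

/** True when $dir (relative to $siteRoot) is acceptable as a media root. */
function isAllowedMediaRoot(string $siteRoot, string $dir): bool
{
    $root = realpath($siteRoot);
    $real = realpath($siteRoot . DIRECTORY_SEPARATOR . $dir);
    // Must exist and sit strictly below the site root once symlinks and ".." are resolved.
    if ($root === false || $real === false || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    // Compare the first path segment below the root against the protected list.
    $first = strtolower(explode(DIRECTORY_SEPARATOR, substr($real, strlen($root) + 1))[0]);
    return !in_array($first, PROTECTED_TOP_LEVEL, true);
}

/** Files under $folder with an extension outside $allowed; delete the folder only if this is empty. */
function filesBlockingDelete(string $folder, array $allowed): array
{
    $blocking = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($folder, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile() && !in_array(strtolower($file->getExtension()), $allowed, true)) {
            $blocking[] = $file->getPathname();
        }
    }
    sort($blocking);
    return $blocking;
}

// Constructed sample tree in a temporary directory (not a real site).
$site = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'site_' . uniqid();
mkdir($site . '/images/gallery', 0700, true);
mkdir($site . '/administrator', 0700, true);
file_put_contents($site . '/images/gallery/photo.png', 'x');
file_put_contents($site . '/images/gallery/manifest.xml', 'x');

var_dump(isAllowedMediaRoot($site, 'images'));                  // ordinary media folder
var_dump(isAllowedMediaRoot($site, 'administrator'));           // the directory from step 1
var_dump(isAllowedMediaRoot($site, 'images/../administrator')); // same target via traversal
print_r(filesBlockingDelete($site . '/images/gallery', ['png', 'jpg']));
```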
