User tests: Successful: Unsuccessful:
Pull Request for Issue #29763 (partly).
This Pull Request adds the "accept" attribute to the file field of the Joomla Update Component's Upload & Update tab so that only zip files with mime type "application/zip" are selectable.
Important: This is NOT a security fix, it only shall prevent from accidently selecting the wrong file for upload and then getting an error message which is not really user friendly.
See the following description on https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept:
The accept attribute doesn't validate the types of the selected files; it simply provides hints for browsers to guide users towards selecting the correct file types. It is still possible (in most cases) for users to toggle an option in the file chooser that makes it possible to override this and select any file they wish, and then choose incorrect file types.
Because of this, you should make sure that expected requirement is validated server-side.
I will work on these server-side validations and provide a separate PR.
Will be added soon. Until this has been done I will leave this PR in draft status. As soon as draft status will be removed, the PR can be tested.
Will be added soon.
Will be added soon.
None, I think.
Status | New | ⇒ | Pending |
Category | ⇒ | Administration com_joomlaupdate |
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-07-01 14:14:55 |
Closed_By | ⇒ | richard67 | |
Labels |
Added:
?
|
I thought about it and think it is better to do a PR for staging, because this change can be easily merged up to 3.10-dev and 4.0-dev without conflicts, and it makes sense for all versions. Cosing in favour of the staging PR coming soon.