User tests: Successful: Unsuccessful:
Pull Request for Issue #29763 (partly).
This Pull Request (PR) adds the "accept" attribute to the file field of the Joomla Update Component's Upload & Update tab so that only zip files with mime type "application/zip" are selectable.
Only zip because currently the Joomla Update Component only supports that packing format for Upload & Update, see also the discussion in comments below. No idea what the other update packages (tar.gz, tar.bz2) are good for. There is no update from folder option or update channel for which they could be used.
Important: This is NOT a security fix, it only shall make it harder to accidently select the wrong file for upload.
See the following description on https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept:
The accept attribute doesn't validate the types of the selected files; it simply provides hints for browsers to guide users towards selecting the correct file types. It is still possible (in most cases) for users to toggle an option in the file chooser that makes it possible to override this and select any file they wish, and then choose incorrect file types.
Because of this, you should make sure that expected requirement is validated server-side.
I will work on these server-side validations and provide a separate PR.
Browser support see https://caniuse.com/#feat=input-file-accept.
On a clean current staging or recent 3.9 nightly build or a 3.9.19, login to backend and go to "Components -> Joomla Update".
Go to the "Upload & Update" tab and use the button right beside "Joomla package file" to select a file for upload.
Result: See section "Actual result BEFORE applying this Pull Request" below.
Apply the patch of this PR.
Repeat step 2.
Result: See section "Expected result AFTER applying this Pull Request" below.
A browser dialogue opens which allows you to select a file. It shows all kinds of files in the currently active folder. There is no filter for zip files only.
E.g. on Firefox 77.0.1 (64-Bit) for Windows:
A browser dialogue opens which allows you to select a file. Depending on your browser it limits the files being shown to zip files.
E.g. on Firefox 77.0.1 (64-Bit) for Windows:
None, I think.
Status | New | ⇒ | Pending |
Category | ⇒ | Administration com_joomlaupdate |
@Quy No. These don't work with Upload & Update. They are meant to be used for manual upload and unpack into an empty folder and use the folder update channel. Update: That was for the extension installer. The Joomla Update Component currently can't use tar.gz or a tar.bz2 files in any way.
Thanks. Why offer those other formats?
Thanks. Why offer those other formats?
This is a question someone else has to answer, but it is a good question ;-)
I have tested this item
I have tested this item
Merging here thanks @richard67 and @Quy and @degobbis for testing.
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-07-02 22:22:33 |
Closed_By | ⇒ | Quy |
You have to include the other 2 options found here:
https://github.com/joomla/joomla-cms/releases