[D7] Add tests for handling files with insecure extensions

Created on 26 May 2023, over 1 year ago

Problem/Motivation

This is a follow-up to: 📌 [D7] Add phtml files to the list of potentially malicious extensions Fixed

D7 does not have a complete test of FILE_INSECURE_EXTENSIONS. Only selected use-cases (extensions) are tested in various functions, but not all of them. For example the asp extension is not tested anywhere.

D10 has such test in SecurityFileUploadEventSubscriberTest::testSanitizeName().

We need to create such a test for D7, to have these insecure extensions tested properly (ideally to test uploading files with these extensions and also file names munging, but let's see).

Steps to reproduce

Proposed resolution

Add a tests for uploading files with insecure extensions and also file names munging (of such files).

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

📌 Task

Status

Active

Version

7.0 ⚰️

Component

Simpletest →

Last updated about 2 months ago

Maintained by
🇬🇧United Kingdom @alexpott
🇨🇭Switzerland @berdir
🇩🇪Germany @dawehner
🇮🇹Italy @mondrake

Created by

🇸🇰Slovakia poker10

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @poker10

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024