- Issue created by @jibran
- Status changed to Needs review
10 months ago 12:43am 11 March 2024 - last update
10 months ago 1 pass - Status changed to Fixed
5 months ago 5:01pm 18 July 2024 Automatically closed - issue fixed for 2 weeks with no activity.
Currently, the file field on MigrateSourceUiForm has no extension restriction. The user of the form can upload any file which can be a security risk.
Only allow uploading JSON, CSV or XML files in the file field for MigrateSourceUiForm
Fixed
1.0
Code
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
Automatically closed - issue fixed for 2 weeks with no activity.