Only allow uploading JSON, CSV or XML files in the file field for MigrateSourceUiForm

Created on 31 January 2024, about 1 year ago

Updated 1 August 2024, 8 months ago

Currently, the file field on MigrateSourceUiForm has no extension restriction. The user of the form can upload any file which can be a security risk.

📌 Task

Status

Fixed

Version

1.0

Component

Code

Created by

🇨🇦Canada jibran Toronto, Canada

Live updates comments and jobs are added and updated live.

Security improvements
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Comments & Activities

Issue created by @jibran
Status changed to Needs review about 1 year ago12:43am 11 March 2024
Open in Jenkins → Open on Drupal.org →
Core: 10.2.x + Environment: PHP 8.1 & sqlite-3.27
last update about 1 year ago
1 pass
Comment about 1 year ago →
🇨🇦Canada jibran Toronto, Canada

heddn → committed 8ca8bc7d on 8.x-1.x

Issue #3418229 by jibran, heddn: Only allow uploading JSON, CSV or XML...

Status changed to Fixed 9 months ago5:01pm 18 July 2024
Comment 9 months ago →
heddn Nicaragua
Comment 8 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024