Uploaded image for project: 'Magnolia DX Core'
  1. Magnolia DX Core
  2. MGNLEE-829

Port to Master: Compromised JS files only checked if they are zipped

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Neutral
    • 6.3.0
    • None
    • None
    • None

    Description

      Steps to reproduce

      1. Go to Demo and open the Assets app
      2. Click on upload new asset and within the detail view, select the test.js file
      3. Upload it and check no security check is performed (asset uploaded)
      4. Now try the "Upload zip archive" with the test.js.zip file
      5. Check the security check prevents the user to upload the file

      Expected results

      Validator should detect correct mimeType for file. Javascript file could be uploaded if zipped or not. 

      Actual results

      If not zipped, the file is uploaded

      Workaround

      N/A

      Development notes

      N/A

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                ricardo.gonzalez ricardo gonzalez
                ccantalapiedra Carlos Cantalapiedra
                AuthorX
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Work Started:

                  Checklists

                    Bug DoR
                    Task DoD

                    Time Tracking

                      Estimated:
                      Original Estimate - Not Specified
                      Not Specified
                      Remaining:
                      Remaining Estimate - 0d
                      0d
                      Logged:
                      Time Spent - 0.5h
                      0.5h