IBX-6185: Add file upload blocklist to security checklist #2059

Merged
merged 7 commits into from
Jul 21, 2023


@glye glye commented Jul 13, 2023

| Question | Answer |
|---|---|
| JIRA Ticket | https://issues.ibexa.co/browse/IBX-6185 |
| Versions | All supported |
| Edition | All |

Note: The setting is called ezsettings.default.io.file_storage.file_type_blacklist in v2.5, where it is located in the file eZ/Bundle/EzPublishCoreBundle/Resources/config/default_settings.yml of ezpublish-kernel.

See also

PR for adding more file types to this setting: ezsystems/ezpublish-kernel#3153

Checklist

  • Text renders correctly
  • Text has been checked with vale
  • Description metadata is up to date
  • Redirects cover removed/moved pages
  • Code samples are working
  • PHP code samples have been fixed with PHP CS fixer
  • Added link to this PR in relevant JIRA ticket or code PR

@glye glye marked this pull request as ready for review July 13, 2023 14:40
@glye glye requested a review from a team July 13, 2023 14:42
@adamwojs adamwojs left a comment

  1. The list of blocked file extensions should be placed in the documentation
  2. Instructions on how to configure the blacklist are missing

Let's try to make this checklist more convenient for a reader 😉

glye commented Jul 17, 2023

@adamwojs Improved explanation, and default list added: 084513e

@glye glye requested a review from adamwojs July 17, 2023 08:51
@glye glye requested a review from MagdalenaZuba July 17, 2023 08:52
Use 'shouldn't' instead of 'should not'. Use present tense instead of future. Consider removing 'potentially'.
@glye glye requested a review from MagdalenaZuba July 21, 2023 11:34