Bug 6689 - Cover image upload does not check file type
Status: RESOLVED FIXED
Product: OJS
Classification: Unclassified
Component: General
2.3.6
All All
Importance: P3 normal
Assigned To: PKP Support
Reported: 2011-06-16 09:26 PDT by Alec Smecher
Modified: 2012-06-06 15:27 PDT
Version Reported In: 2.3.5
Also Affects: OJS 2.2.5, OJS 2.3.2, OJS 2.3.3, OJS 2.3.4, OJS 2.3.5


Attachments
Patch against OJS 2.3.0, 2.3.1, 2.3.2 (2.42 KB, patch)
2011-06-16 10:06 PDT, Alec Smecher
Patch against OJS 2.3.3, 2.3.4, 2.3.5 (2.43 KB, patch)
2011-06-16 10:07 PDT, Alec Smecher
Patch against OJS 2.2.1, 2.2.2, 2.2.3, 2.2.4 (2.42 KB, patch)
2011-06-16 10:12 PDT, Alec Smecher
Description Alec Smecher 2011-06-16 09:26:56 PDT
Cover image upload does not check file type. It should ensure file types in the usual set (.jpg, .gif, .png).
Comment 1 Alec Smecher 2011-06-16 10:06:52 PDT
Created attachment 3565
Patch against OJS 2.3.0, 2.3.1, 2.3.2
Comment 2 Alec Smecher 2011-06-16 10:07:13 PDT
Created attachment 3566
Patch against OJS 2.3.3, 2.3.4, 2.3.5
Comment 3 Alec Smecher 2011-06-16 10:12:46 PDT
Created attachment 3567
Patch against OJS 2.2.1, 2.2.2, 2.2.3, 2.2.4
Comment 4 jayfitzsimmons 2011-06-17 12:04:33 PDT
Could you also allow .pdf files as cover images?  We're planning on using pdf files for cover images for our journal.  Thanks.
Comment 5 Alec Smecher 2011-06-17 12:48:31 PDT
jayfitzsimmons -- probably not something we'd integrate into the codebase, but you can allow PDFs by modifying lib/pkp/classes/file/FileManager.inc.php in the getImageExtension function and adding a PDF entry. You'd also have to modify the template that displays these (templates/issue/issue.tpl) as the usual <img ...> tag won't work with PDFs.
Comment 6 jayfitzsimmons 2011-06-17 13:18:48 PDT
Ok - thank you Alec.
Jay
Comment 7 Ales Kladnik 2011-06-20 03:00:12 PDT
I patched our OJS 2.3.4 installation with the appropriate patch (that fixes the MetadataForm.inc.php file), but the form at /ojs/<journal-name>/editor/issueData/ still accepts other file types. I could upload, for example, a file named "setup.exe"; the image, however, was not showing, but I can see the file in the "public" directory, renamed as "cover... .exe".
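The check the description asks for, and the case Comment 7 reports, as an added PHP example that is not part of this thread and is not OJS code: the type is read from the file content with getimagesize(), and the stored extension comes from an allow-list, never from the client's file name. The function names, the stored file name pattern and the sample bytes are assumptions constructed for illustration.

```php
<?php
// Added example. coverImageExtension() and storeCoverImage() are hypothetical
// names, not OJS functions.

/** Return the extension for an allowed image type, or false if the content is not one. */
function coverImageExtension($path) {
    $allowed = array(
        IMAGETYPE_JPEG => '.jpg',
        IMAGETYPE_GIF  => '.gif',
        IMAGETYPE_PNG  => '.png',
    );
    $info = @getimagesize($path);   // inspects the file content, not the file name
    if ($info === false || !isset($allowed[$info[2]])) {
        return false;
    }
    return $allowed[$info[2]];
}

/** Copy an accepted upload into $publicDir under a server-chosen name; false if rejected. */
function storeCoverImage($tmpPath, $publicDir, $issueId) {
    $ext = coverImageExtension($tmpPath);
    if ($ext === false) {
        return false;               // nothing is written to the public directory
    }
    // Hypothetical naming scheme; the client's file name and extension are never used.
    $name = 'cover_issue_' . (int) $issueId . $ext;
    // A real upload handler would call move_uploaded_file() here instead of copy().
    return copy($tmpPath, $publicDir . '/' . $name) ? $name : false;
}

// Constructed sample inputs: a bare GIF header and two fake executables.
$dir = sys_get_temp_dir() . '/cover_demo_' . uniqid();
mkdir($dir);
$samples = array(
    'cover.gif' => "GIF89a" . pack('vvCCC', 1, 1, 0x80, 0, 0),
    'setup.exe' => "MZ" . str_repeat("\0", 62),
    'cover.png' => "MZ" . str_repeat("\0", 62), // executable renamed to look like an image
);
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam($dir, 'upl');
    file_put_contents($tmp, $bytes);
    $stored = storeCoverImage($tmp, $dir, 1);
    echo $clientName, ' => ', ($stored === false ? 'rejected' : 'stored as ' . $stored), "\n";
    unlink($tmp);
}
```

getimagesize() only reads the image header, so it identifies the type but does not prove the rest of the file is a clean image; re-encoding the accepted image on the server is a stronger control.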
Comment 8 Alec Smecher 2011-06-20 10:37:19 PDT
Ales, we're currently reviewing our file upload code to ensure that there aren't additional problems. Watch for an additional Bugzilla entry on our recommended patches page at http://pkp.sfu.ca/wiki/index.php/OJS_2.3.5_Recommended_Patches (we may or may not back-port fixes to prior versions, depending on severity).
Comment 9 plotti 2011-06-30 02:18:03 PDT
We are running Open Journal Systems 2.1.1.0. Is there a patch provided for this version, or is it not affected?

Thanks a lot for your help.
Tom
Comment 10 Alec Smecher 2011-06-30 08:24:31 PDT
Tom, OJS 2.2.0 and prior are not affected.