PKP Bugzilla – Full Text Bug Listing
|Summary:||Cover image upload does not check file type|
|Product:||OJS||Reporter:||Alec Smecher <alec>|
|Component:||General||Assignee:||PKP Support <pkp-support>|
|Severity:||normal||CC:||ales.kladnik, colin.prince, jfitz049, plotti|
|Version Reported In:||2.3.5||Also Affects:||OJS 2.2.5, OJS 2.3.2, OJS 2.3.3, OJS 2.3.4, OJS 2.3.5|
Patch against OJS 2.3.0, 2.3.1, 2.3.2
Patch against OJS 2.3.3, 2.3.4, 2.3.5
Patch against OJS 2.2.1, 2.2.2, 2.2.3, 2.2.4
Description Alec Smecher 2011-06-16 09:26:56 PDT
Cover image upload does not check file type. It should ensure file types in the usual set (.jpg, .gif, .png).
Comment 1 Alec Smecher 2011-06-16 10:06:52 PDT
Created attachment 3565 [details] Patch against OJS 2.3.0, 2.3.1, 2.3.2
Comment 2 Alec Smecher 2011-06-16 10:07:13 PDT
Created attachment 3566 [details] Patch against OJS 2.3.3, 2.3.4, 2.3.5
Comment 3 Alec Smecher 2011-06-16 10:12:46 PDT
Created attachment 3567 [details] Patch against OJS 2.2.1, 2.2.2, 2.2.3, 2.2.4
Comment 4 jayfitzsimmons 2011-06-17 12:04:33 PDT
Could you also allow .pdf files as cover images? We're planning on using pdf files for cover images for our journal. Thanks.
Comment 5 Alec Smecher 2011-06-17 12:48:31 PDT
jayfitzsimmons -- probably not something we'd integrate into the codebase, but you can allow PDFs by modifying lib/pkp/classes/file/FileManager.inc.php in the getImageExtension function and adding a PDF entry. You'd also have to modify the template that displays these (templates/issue/issue.tpl) as the usual <img ...> tag won't work with PDFs.
Comment 6 jayfitzsimmons 2011-06-17 13:18:48 PDT
Ok - thank you Alec. Jay
Comment 7 Ales Kladnik 2011-06-20 03:00:12 PDT
I patched our OJS 2.3.4 installation with the appropriate patch (that fixes MetadataForm.inc.php file), but the form at /ojs/<journal-name>/editor/issueData/ still accepts other file types. I could upload for example a file named "setup.exe", the image however was not showing, but I can see the file in the "public" directory, renamed as "cover... .exe"
Comment 8 Alec Smecher 2011-06-20 10:37:19 PDT
Ales, we're currently reviewing our file upload code to ensure that there aren't additional problems. Watch for an additional Bugzilla entry on our recommended patches page at http://pkp.sfu.ca/wiki/index.php/OJS_2.3.5_Recommended_Patches (we may or may not back-port fixes to prior versions, depending on severity).
Comment 9 plotti 2011-06-30 02:18:03 PDT
We are running Open Journal Systems 220.127.116.11. Is there a patch provided for this version, or is it not affected? Thanks a lot for your help. Tom
Comment 10 Alec Smecher 2011-06-30 08:24:31 PDT
Tom, OJS 2.2.0 and prior are not affected.