We are moving to Git Issues for bug tracking in future releases. During transition, content will be in both tools. If you'd like to file a new bug, please create an issue.

Bug 6689

Summary: Cover image upload does not check file type
Product: OJS Reporter: Alec Smecher <alec>
Component: GeneralAssignee: PKP Support <pkp-support>
Severity: normal CC: ales.kladnik, colin.prince, jfitz049, plotti
Priority: P3    
Version: 2.3.6   
Hardware: All   
OS: All   
Version Reported In: 2.3.5 Also Affects: OJS 2.2.5, OJS 2.3.2, OJS 2.3.3, OJS 2.3.4, OJS 2.3.5
Attachments: Patch against OJS 2.3.0, 2.3.1, 2.3.2
Patch against OJS 2.3.3, 2.3.4, 2.3.5
Patch against OJS 2.2.1, 2.2.2, 2.2.3, 2.2.4

Description Alec Smecher 2011-06-16 09:26:56 PDT
Cover image upload does not check file type. It should ensure file types in the usual set (.jpg, .gif, .png).
Comment 1 Alec Smecher 2011-06-16 10:06:52 PDT
Created attachment 3565 [details]
Patch against OJS 2.3.0, 2.3.1, 2.3.2
Comment 2 Alec Smecher 2011-06-16 10:07:13 PDT
Created attachment 3566 [details]
Patch against OJS 2.3.3, 2.3.4, 2.3.5
Comment 3 Alec Smecher 2011-06-16 10:12:46 PDT
Created attachment 3567 [details]
Patch against OJS 2.2.1, 2.2.2, 2.2.3, 2.2.4
Comment 4 jayfitzsimmons 2011-06-17 12:04:33 PDT
Could you also allow .pdf files as cover images?  We're planning on using pdf files for cover images for our journal.  Thanks.
Comment 5 Alec Smecher 2011-06-17 12:48:31 PDT
jayfitzsimmons -- probably not something we'd integrate into the codebase, but you can allow PDFs by modifying lib/pkp/classes/file/FileManager.inc.php in the getImageExtension function and adding a PDF entry. You'd also have to modify the template that displays these (templates/issue/issue.tpl) as the usual <img ...> tag won't work with PDFs.
Comment 6 jayfitzsimmons 2011-06-17 13:18:48 PDT
Ok - thank you Alec.
Comment 7 Ales Kladnik 2011-06-20 03:00:12 PDT
I patched our OJS 2.3.4 installation with the appropriate patch (that fixes MetadataForm.inc.php file), but the form at /ojs/<journal-name>/editor/issueData/ still accepts other file types. I could upload for example a file named "setup.exe", the image however was not showing, but I can see the file in the "public" directory, renamed as "cover... .exe"
Comment 8 Alec Smecher 2011-06-20 10:37:19 PDT
Ales, we're currently reviewing our file upload code to ensure that there aren't additional problems. Watch for an additional Bugzilla entry on our recommended patches page at http://pkp.sfu.ca/wiki/index.php/OJS_2.3.5_Recommended_Patches (we may or may not back-port fixes to prior versions, depending on severity).
Comment 9 plotti 2011-06-30 02:18:03 PDT
We are running Open Journal Systems Is there a patch provided for this version, or is it not affected?

Thanks a lot for your help.
Comment 10 Alec Smecher 2011-06-30 08:24:31 PDT
Tom, OJS 2.2.0 and prior are not affected.