Commit 2632c4a2 authored by Carsten  Rose's avatar Carsten Rose
Browse files

Fixes #5103. Upload any file type: * or *.*

parent 52994698
Pipeline #1792 passed with stage
in 1 minute and 57 seconds
......@@ -1571,7 +1571,7 @@ File upload
By default the mime type of every uploaded file is checked against a white list of allowed mime types. The mime type of
a file can be (easily) faked by an attacker. This check is good to handle regular user file upload for specific file types
but won't help to prevent attacks against uploading and executing malicous code.
but won't help to prevent attacks against uploading and executing malicious code.
Instead prohibit the execution of user contributed files by the webserver config (`SecureDirectFileAccess`_).
......@@ -1825,7 +1825,7 @@ Store: *VARS* - V
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| fileSize | Size of the uploaded file. |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------+
| mimeType | Mimetype of the uploaded file. |
| mimeType | Mime type of the uploaded file. |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------------------------+
......@@ -3677,6 +3677,7 @@ See also `downloadButton`_ to offer a download of an uploaded file.
* List of mime types (also known as 'media types'): http://www.iana.org/assignments/media-types/media-types.xhtml
* If none is specified, 'application/pdf' is set. This forces that always (!) one type is specified.
* To allow any type, specify ``*`` or ``*.*``
* One or more media types might be specified, separated by ','.
* Different browser respect the given definitions in different ways. Typically the 'file choose' dialog offer:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment