search

CCALI / a2jauthor

CALI A2JAuthor document automation authoring and viewing platform
https://www.a2jauthor.org
Other
4 stars 1 forks source link

Upload safe list from config_env.in/CAJA_WS bug #375

Closed mikemitchel closed 1 year ago

mikemitchel commented 1 year ago

When trying to upload a GI, if there is no list of [MEDIA_EXTS_ALLOWED], it tries to merge an array from [ALLOWED_EXTENSIONS] with null, which returns a value of null and thus no extensions are allowed. To be backwards compatible, it should check for a media list, and if it doesn't exist, default to the [ALLOWED_EXTENSIONS].

https://github.com/CCALI/a2jauthor/blob/d010af6f65601b1845f3884d509ad16e548aa84e/CAJA_WS.php#L1200

should be

    if ($mediaOnly) {
        $allowed = $media;
    } else if ($media) {
        $allowed = array_merge($media, $other);
    } else {
        $allowed = $other;
    }
mikemitchel commented 1 year ago

additionally, if the upload does fail, it still puts a failed upload in the interviews list upon refresh:

Screen Shot 2023-02-08 at 3 29 08 PM

When fixing the above, should make sure to clean up the upload, or check for ok files first before putting a GI in the mysql db