ajnyga / alloweduploads Goto Github PK

Description of issue or problem I’m having:

We tried limiting our allowed uploads to .docx only, but we seem to be still allowed to upload files of any format. It is the same for accounts with only author role and for accounts with editor role

Steps I took leading up to the issue:
We have been using OJS (successfully) and didn't try to limit the uploads. When we did try to limit uploads, it didn't work

What I tried to resolve the issue:
@odkr tried some things, just in case, that we didn't expect to have any effect and they didn't

Application Version:

OJS: v3.3.0-10 running on a Debian v11.3 (“bullseye”) LAMP system, using

Linux v5.10.0-9
Apache v2.4.53
PHP (fpm-fcgi) v7.4.28
MariaDB v15.1

Additional information, such as screenshots and error log messages if applicable:

Thank you for looking into this!

I get the following error in OJS 3.1.1.2 after enabling the plugin. Apparently the text item 'allowedExtensions' requires an id attribute. I've fixed this issue in my own version by changing the following line in allowedUploads/templates/settingsForm.tpl.

{fbvElement type="text" name="allowedExtensions" value=$allowedExtensions label="plugins.generic.allowedUploads.manager.settings.allowedExtensions"}

To

{fbvElement id="allowedExtensions" type="text" name="allowedExtensions" value=$allowedExtensions label="plugins.generic.allowedUploads.manager.settings.allowedExtensions"}

I hope this is descriptive enough. I've never really posted an issue before.

i want to give presentation about ojs 3. i am new to this software so anyone please guide me. How its working and what is the work flow(whom to whom) for this software.

The plugin can be easily bypassed with a little trick on the request. I submitted an .exe file that on the interface seems like a .txt file. See de examples:

To explore the problem I made this request:

Any file extension can be used.

Would you be able to make the file extensions case insensitive?

For example currently if I allow only 'doc;mp4' and try to upload a {filename}.MP4 the plugin denies it. Is there a good reason why? From my understanding file extensions are usually case insensitive though windows allows for either.

In Log its showing (::1 - - [02/Mar/2018:17:49:16 +0530] “GET /OJS/index.php/art/$$$call$$$/tab/settings/website-settings-tab/show-file-upload-form?fileSettingName=pageHeaderLogoImage&fileType=image&_=1519989177335 HTTP/1.1” 200 115 “http://localhost/OJS/index.php/art/admin/contexts?openWizard=1” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.168 Safari/537.36”)

@ajnyga, can you re-license your work on this plugin to "GPL v2 or later" rather than just GPL v2? For compatibility purposes, we are trying to get to GPL v3 for OJS 3.x.

https://pkp.sfu.ca/wiki/index.php?title=Tech_Committee_Meeting_Minutes_21_March_2018#Software_License_Change

Hi @asmecher

Here is a release ready for the plugin gallery:
https://github.com/ajnyga/allowedUploads/releases/tag/v.1.0