View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 10
IDProjectCategoryView StatusDate SubmittedLast Update
19098Bug reportsPluginspublic2023-09-19 09:332024-02-26 13:52
ReporterMazi Assigned Toc_schmitz  
PrioritynoneSeverityblock 
Status closedResolutionfixed 
Product Version5.6.x 
Summary19098: Add XSD files to allowed files for plugin uploads
Description

At the core config-defaults.php the following file types are allowed for plugin uploads:
$config['allowedpluginuploads'] = 'gif,ico,jpg,png,css,js,map,json,eot,otf,ttf,woff,txt,md,xml,woff2,twig,php,html,po,mo';

Especially for authentication plugins using SAML or similar technology, being able to include XSD files is essential. An XSD file is plain text and holds details about the elements and attributes that can be part of an XML document, see https://docs.fileformat.com/programming/xsd/

Please add XSD to the list of allowed file types so users can upload such plugins.
This would be needed for LS 5.x and 6.x.

Steps To Reproduce

Steps to reproduce

Import a plugin including an XSD file.

Expected result

Import should work fine since XSD is essential for some plugins to work fine.

Actual result

The plugin can not be installed since XSD files are not yet allowed to be used.

TagsNo tags attached.
Bug heat10
Complete LimeSurvey version number (& build)5.6.33+230808
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMySQL
Server OS (if known)
Webserver software & version (if known)
PHP VersionPHP 7.4

Users monitoring this issue

There are no users monitoring this issue.

Activities

Mazi

Mazi

2023-09-21 15:29

updater   ~77223

@c_schmitz, according to @DenisChenu we already allow JS and PHP so compared to that allowing XSD should do no harm. Can we add this?
c_schmitz

c_schmitz

2023-09-21 15:56

administrator   ~77225

yes, create a tiny PR. please.
bismark

bismark

2023-09-28 12:34

reporter   ~77394

https://github.com/LimeSurvey/LimeSurvey/pull/3497
Mazi

Mazi

2023-09-28 14:24

updater   ~77401

@c_schmitz, please find the requested pull request at https://github.com/LimeSurvey/LimeSurvey/pull/3497.

Please merge into 3.x, 5.x and 6.x.

Thanks!
guest

guest

2023-09-28 14:40

viewer   ~77404

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=35558
LimeBot

LimeBot

2023-10-04 11:28

administrator   ~77496

Fixed in Release 6.2.10+231004
Mazi

Mazi

2023-10-13 15:21

updater   ~77694

Re-opening this one since the fix was only pushed to 6.x.

@c_schmitz, can you pelase do me a favor and add the same fix to 5.x as well. For this version the bug report was initially opened because 6.x is not that widely used yet.
If you'd like to do me a bug favor, please also add the fix to 3.x (should be a piece of cake to cherry pick it). Because that version is still used a lot.

Thanks!
c_schmitz

c_schmitz

2024-02-26 09:18

administrator   ~79621

Added also to 5.x.
Next time please also open a separate PR for 5.x
LimeBot

LimeBot

2024-02-26 13:52

administrator   ~79640

Fixed in Release 5.6.56+240227

Related Changesets

LimeSurvey: master 6d8bd27f

2023-09-28 14:26:06

bismark


Committer: GitHub Details Diff 		Fixed issue 19098: Add XSD files to allowed files for plugin uploads Affected Issues
19098
mod - application/config/config-defaults.php Diff File

Issue History

Date Modified Username Field Change
2023-09-19 09:33 Mazi New Issue
2023-09-21 15:29 Mazi Note Added: 77223
2023-09-21 15:29 Mazi Bug heat 0 => 2
2023-09-21 15:56 c_schmitz Note Added: 77225
2023-09-21 15:56 c_schmitz Bug heat 2 => 4
2023-09-28 12:34 bismark Note Added: 77394
2023-09-28 12:34 bismark Bug heat 4 => 6
2023-09-28 14:23 Mazi Assigned To => c_schmitz
2023-09-28 14:23 Mazi Status new => assigned
2023-09-28 14:24 Mazi Note Added: 77401
2023-09-28 14:40 bismark Changeset attached => LimeSurvey master 6d8bd27f
2023-09-28 14:40 guest Note Added: 77404
2023-09-28 14:40 guest Bug heat 6 => 8
2023-10-04 11:28 LimeBot Note Added: 77496
2023-10-04 11:28 guest Bug heat 8 => 10
2023-10-04 11:28 LimeBot Status assigned => closed
2023-10-04 11:28 LimeBot Resolution open => fixed
2023-10-13 15:21 Mazi Status closed => feedback
2023-10-13 15:21 Mazi Resolution fixed => reopened
2023-10-13 15:21 Mazi Note Added: 77694
2023-10-13 15:42 tibor.pacalat Status feedback => assigned
2024-02-26 09:18 c_schmitz Status assigned => resolved
2024-02-26 09:18 c_schmitz Resolution reopened => fixed
2024-02-26 09:18 c_schmitz Note Added: 79621
2024-02-26 13:52 LimeBot Note Added: 79640
2024-02-26 13:52 LimeBot Status resolved => closed