]> git.koha-community.org Git - koha.git/commit
Bug 35291: Don't allow symlinks for link files in cover image ZIP
authorDavid Cook <dcook@prosentient.com.au>
Thu, 9 Nov 2023 00:23:45 +0000 (00:23 +0000)
committerTomas Cohen Arazi <tomascohen@theke.io>
Fri, 24 Nov 2023 19:43:23 +0000 (16:43 -0300)
commit4b019fcbb041649bf4e19e95d59117fb9b422c05
treeb212ede96ec97912dc00406eb1bc96cb36248e40
parent6023acd648110297a87c65d1b6d024584ac1bc06
Bug 35291: Don't allow symlinks for link files in cover image ZIP

There's no reason to allow symlinks for link files in cover image
ZIP files. Preventing their use prevents someone from uploading
a symlink pointing to an existing file on the Koha server.

Test plan:
0. Apply patch and restart/reload Koha
1. Create a PNG cover image
2. Create a datalink.txt file that contains something like the
following:
29,Untitled.PNG
3. Turn on "LocalCoverImages" system preference
4. Upload via http://localhost:8081/cgi-bin/koha/tools/upload-cover-image.pl
5. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Note the cover image has been uploaded

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
tools/upload-cover-image.pl