Opened 23 months ago

#23152 new defect

Disallow tiff (and other non png non text) uploads

Reported by: cypherpunks Owned by: qbi
Priority: Medium Milestone:
Component: Internal Services/Service - trac Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tiff is a quite a complicated format. Its implementation can contain vulnerabilities.

Some man creates tickets with tiffs attached:
#23140, #23085.

People consider this as an attack. They even ask him in a rude form not to post tiffs. Maybe we should protect him from such a rudeness ;) I suggest to disallow uploads of non-text formats other than the ones in the following whitelist: png?.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.