Commit 7aaf365e authored by aydreeihn's avatar aydreeihn

Merge remote-tracking branch 'kevin/issue/file-upload-bypass' into features_prs/develop-next

parents b983d27c 3eb16147
...@@ -381,9 +381,15 @@ class DynamicFormsAjaxAPI extends AjaxController { ...@@ -381,9 +381,15 @@ class DynamicFormsAjaxAPI extends AjaxController {
} }
function attach() { function attach() {
global $thisstaff;
$config = DynamicFormField::objects()
->filter(array('type__contains'=>'thread'))
->first()->getConfiguration();
$field = new FileUploadField(); $field = new FileUploadField();
$field->_config = $config;
return JsonDataEncoder::encode( return JsonDataEncoder::encode(
array('id'=>$field->ajaxUpload()) array('id'=>$field->ajaxUpload($thisstaff ? true : false))
); );
} }
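Review bot: The chained `->first()->getConfiguration()` in the new attach() has no guard for an empty result, so if no field type contains 'thread', `first()` presumably returns null and the upload request ends in a fatal error rather than a clean rejection. Split the lookup into `$f = DynamicFormField::objects()->filter(array('type__contains'=>'thread'))->first();` and refuse the upload when `$f` is null, so the endpoint never runs without a configuration. Because `type__contains` is a substring match, the limits enforced depend on which matching row comes first; a comment naming the intended field would make that explicit. What the argument to `ajaxUpload()` does is not visible in this hunk, so add a comment such as `// staff sessions pass true; see ajaxUpload() for which checks this relaxes`, and `(bool) $thisstaff` reads more directly than the ternary.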
......
...@@ -3155,7 +3155,7 @@ class FileUploadField extends FormField { ...@@ -3155,7 +3155,7 @@ class FileUploadField extends FormField {
// Check MIME type - file ext. shouldn't be solely trusted. // Check MIME type - file ext. shouldn't be solely trusted.
if ($type && $config['__mimetypes'] if ($type && $config['__mimetypes']
&& in_array($type, $config['__mimetypes'])) && in_array($type, $config['__mimetypes'], true))
return true; return true;
// Return true if all file types are allowed (.*) // Return true if all file types are allowed (.*)
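Review bot: The strict `in_array()` only strengthens the allow-list if `$type` comes from server-side content inspection; its assignment is outside this hunk, so confirm it is not the Content-Type sent with the upload, which the uploader controls. The truthiness test on `$config['__mimetypes']` still lets a non-empty non-array value reach `in_array()`, so `is_array($config['__mimetypes'])` would be the safer guard. The comparison is case-sensitive, so a comment stating that the configured list and `$type` are both lower-cased (or a `strtolower($type)` before the check) would document the assumption. The enclosing function starts and ends outside the hunk.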
......