1. sachinjavale5
  2. Support
  3. Tuesday, May 27 2014, 02:49 PM
Hi,

I purchased Easy Profile on 21/12/2013 and implemented it successfully. The only problem is that it allows authenticated users to upload malicious files in the functions "Profile Picture" and "Cover Picture". There is no check on the content type of the file being uploaded. For instance, it was possible to upload an HTML file with a malicious script, which can be used as a stored XSS.

So how can I restrict the image upload to image types only?

Regards
admin Accepted Answer
Admin
Hi, which version of EP?
  1. more than a month ago
  2. Support
  3. # 1
sachinjavale5 Accepted Answer
I am using JSN_PRO_1.1.0
  1. more than a month ago
  2. Support
  3. # 2
admin Accepted Answer
Admin
Update to the latest version (1.3.0), but I recommend that you make a backup of your site before because Easy Profile has changed many things from 1.1.0.
  1. more than a month ago
  2. Support
  3. # 3
sachinjavale5 Accepted Answer
Hi,

At this time it won't be possible to update because we have created a lot of fields and also customized CSS, and we are taking the site live tomorrow. If we update, it will take some time to check the conflicts, which we don't have.

So can you please let us know how to fix only that bug because we really don't have time for update now

Regards
  1. more than a month ago
  2. Support
  3. # 4
admin Accepted Answer
Admin
Try this:
Copy the attached file (image.php) into /administrator/com_jsn/models/rule/

In the file /administrator/com_jsn/helpers/fields/image.php, after line 54, add this:
validate="image"
Attachments (1)
  1. more than a month ago
  2. Support
  3. # 5
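A content-based check of the kind this thread asks for, as an added example that is not part of the thread and not Easy Profile's code (the attached image.php is not shown on the page). The function name `sniff_image_extension`, the allow-list and the sample files are assumptions made for illustration; it needs PHP 7.1+ with the fileinfo and GD extensions.

```php
<?php
// Added example, not Easy Profile code. All names here are hypothetical.

/**
 * Return a server-chosen extension if $path really holds a PNG, JPEG or GIF
 * image, or null if the content is anything else (HTML, SVG, scripts, ...).
 */
function sniff_image_extension(string $path): ?string
{
    $allowed = [
        'image/png'  => 'png',
        'image/jpeg' => 'jpg',
        'image/gif'  => 'gif',
    ];

    // 1. Derive the MIME type from the file's bytes, never from the
    //    browser-supplied Content-Type header or the uploaded file name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if ($mime === false || !isset($allowed[$mime])) {
        return null;
    }

    // 2. The image header must also parse, and agree with the sniffed type.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }

    // 3. The caller stores the file under this extension, not the user's,
    //    so the web server never serves the upload as text/html.
    return $allowed[$mime];
}

// Constructed samples: a 1x1 GIF, and an HTML page named like a picture.
$samples = [
    'avatar.gif' => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
    'avatar.jpg' => '<html><body><p>not an image</p></body></html>',
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = sniff_image_extension($tmp);
    echo $name, ' => ', $ext === null ? 'rejected' : "accepted, store as .$ext", PHP_EOL;
    unlink($tmp);
}
```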
sachinjavale5 Accepted Answer
It worked.

Really Appreciate Great Support!!!!

Thanks
  1. more than a month ago
  2. Support
  3. # 6