Uploaded project image not validated
In the settings section of a project the user is able to upload an image for the project. If the uploaded file is not an image file (e.g. *.txt), the existing image will be removed (no image displayed) and the alt-text is displayed.
Bug report
Specifications
- STP-Version: rc3
- Platform: Arch Linux (4.16.3-1)
- Subsystem:
Expected Behavior
The image is not changed after uploading a non-image file. The user gets hinted that the image type is not supported.
Current Behavior
The uploaded file will be applied without checking its format.
Possible Solution
Validate the uploaded image format/extension via whitelist (png, jpg, jpeg, svg, ...).
Steps to Reproduce
- Log in to Systemtestportal
- Select a project
- Switch to 'Settings' tab
- Upload a *.txt file
Context (Environment)
Usability
Detailed Description
Create an image extension whitelist and validate the uploaded image.
Possible Implementation
Check the image extension via javascript.
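
One way to implement the whitelist check proposed above, as an added example that is not part of the original report or the project's code. It goes beyond the extension by also comparing the file's leading bytes with the claimed format, so a renamed *.txt is rejected. The function and constant names are hypothetical, and the allowlist holds only the four extensions the report names.

```javascript
// Hypothetical helper names; allowlist limited to the extensions named in the report.
const ALLOWED = new Map([
  ["png", "png"],
  ["jpg", "jpeg"],
  ["jpeg", "jpeg"],
  ["svg", "svg"],
]);

// Leading bytes that identify the binary formats.
const SIGNATURES = {
  png: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  jpeg: [0xff, 0xd8, 0xff],
};

function startsWith(bytes, sig) {
  return bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b);
}

// SVG is XML text: accept only if the root element is <svg>, allowing an
// optional XML declaration, comments and doctype in front of it.
// SVG can carry script, so an accepted SVG still needs sanitising or
// restrictive response headers when it is served.
function looksLikeSvg(bytes) {
  const head = new TextDecoder("utf-8").decode(bytes.slice(0, 1024));
  const stripped = head
    .replace(/^\s*<\?xml[^>]*\?>/i, "")
    .replace(/^\s*(<!--[\s\S]*?-->\s*)*/, "")
    .replace(/^\s*<!DOCTYPE[^>]*>/i, "");
  return /^\s*<svg[\s>]/i.test(stripped);
}

// Returns { ok: true, format } or { ok: false, reason } so the caller can
// keep the current project image and show a hint on rejection.
function validateProjectImage(filename, bytes) {
  const dot = filename.lastIndexOf(".");
  const ext = dot > 0 ? filename.slice(dot + 1).toLowerCase() : "";
  const format = ALLOWED.get(ext);
  if (!format) return { ok: false, reason: "unsupported-extension" };
  const matches =
    format === "svg" ? looksLikeSvg(bytes) : startsWith(bytes, SIGNATURES[format]);
  return matches
    ? { ok: true, format }
    : { ok: false, reason: "content-mismatch" };
}
```

In the browser the bytes come from `new Uint8Array(await file.arrayBuffer())` on the selected `File`. Because client-side script can be bypassed, the server needs the same check before it replaces the stored image.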