https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42087

            Bug ID: 42087
           Summary: Add dependency File::LibMagic for validating file
                    using magic numbers
   Initiative type: ---
 Sponsorship status: ---
           Product: Koha
           Version: Main
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Packaging
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected]

There are many cases in Koha where we're working with files and we want to know
what type of file it is, but we can't trust the file extension or the
Content-Type that it's uploaded with, because those are user-controlled data.

A common method for testing file type is using magic numbers via the libmagic
library. In Perl, File::LibMagic provides Perl bindings to this C library, which
makes it easy to check what kind of file we're working with (to a reasonable
degree).

libfile-libmagic-perl is available in Debian, so it should be an easy
dependency to add. 

It will help improve our security and even just user experience.

_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
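
The check the report describes, as an added example that is not Koha code and not part of the original message: libmagic reports the MIME type of the uploaded bytes, which is then compared with an allowlist and with the client-supplied Content-Type. `check_upload`, `%ALLOWED` and the sample inputs are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Koha code. check_upload() and %ALLOWED are hypothetical names.
use strict;
use warnings;
use File::LibMagic;

# Hypothetical allowlist: MIME types this upload endpoint accepts.
my %ALLOWED = map { $_ => 1 } qw(image/png image/jpeg image/gif application/pdf);

my $magic = File::LibMagic->new;

# Returns (ok, detected_mime, reason).
# $content_ref is a reference to the uploaded bytes; $claimed_type is the
# client-supplied Content-Type, which is only compared, never trusted.
sub check_upload {
    my ( $content_ref, $claimed_type ) = @_;

    my $info     = $magic->info_from_string($content_ref);
    my $detected = $info->{mime_type} // '';

    return ( 0, $detected, 'type not in allowlist' )
        unless $ALLOWED{$detected};
    return ( 0, $detected, 'claimed type does not match content' )
        if defined $claimed_type && lc($claimed_type) ne $detected;
    return ( 1, $detected, 'ok' );
}

# Constructed sample inputs: a minimal PNG signature plus IHDR header,
# and a shell script that will be presented with a .png name.
my $png = "\x89PNG\r\n\x1a\n" . "\x00\x00\x00\x0dIHDR"
    . pack( 'NNC5', 1, 1, 8, 2, 0, 0, 0 );
my $script = "#!/bin/sh\necho hello\n";

for my $case (
    [ 'logo.png, claimed image/png',                 \$png,    'image/png' ],
    [ 'cover.png (shell script), claimed image/png', \$script, 'image/png' ],
    [ 'scan.pdf (PNG bytes), claimed application/pdf', \$png,  'application/pdf' ],
) {
    my ( $label, $ref, $claimed ) = @$case;
    my ( $ok, $detected, $reason ) = check_upload( $ref, $claimed );
    printf "%-48s %-6s detected=%s (%s)\n",
        $label, ( $ok ? 'ACCEPT' : 'REJECT' ), $detected, $reason;
}
```

For files already written to disk, `info_from_filename` and `info_from_handle` return the same hash structure as `info_from_string`.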