@solverat

| Q | A |
| --- | --- |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Fixed tickets | --- |

Docs: https://github.com/dachcom-digital/pimcore-formbuilder/blob/secure_upload/docs/80_FileUpload.md#security

  • Enhance upload handling for FineUploadAdapter and DropZoneAdapter:

    • Added support for a fieldReference parameter during uploads, deletions, and chunk combining.
    • Updated methods to include a default statusCode in JSON responses for better status reporting.
    • Improved error handling and validation during upload processes.
  • Introduce UploadErrorException:

    • Created a custom exception class to handle upload-related errors.
  • Extend FileStream functionalities:

    • Implemented MIME type validation for uploaded files and chunk merging processes.
    • Added field reference validation and restriction checks (e.g., size limits and allowed MIME types).
    • Enhanced methods for handling chunked uploads and file deletions with field references.
    • Added reusable helper functions for upload validations.
  • Update DynamicMultiFileType:

    • Added a listener for POST_SET_DATA to manage dynamic multi-file form modifications.
    • Enhanced form options with fieldReference for better context specificity.
  • Add security configurations:

    • Introduced security node to configuration for enabling/disabling field reference validation and server-side MIME type validation.
  • Improve translations:

    • Expanded description for allowed_extensions to cover MIME type specification when server-side validation is active.
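
An added example, not code from pimcore-formbuilder, of the server-side checks listed above: the field reference selects the restrictions, and size and MIME type are checked on the merged file rather than on individual chunks. The rule table, the function names, the `UploadRejected` class and the status codes are hypothetical, and PHP's fileinfo extension is assumed to be enabled.

```php
<?php
// Hypothetical per-field restrictions keyed by field reference (assumed names and values).
const FIELD_RULES = [
    'cv_upload' => ['max_size' => 1024, 'allowed_mime' => ['application/pdf', 'image/png']],
];
class UploadRejected extends RuntimeException {}

// Validate a stored file against the rules of the field it claims to belong to.
function validateUpload(string $fieldReference, string $path): string
{
    $rules = FIELD_RULES[$fieldReference] ?? null;
    if ($rules === null) {
        throw new UploadRejected('unknown field reference', 400);
    }
    $size = filesize($path);
    if ($size === false || $size > $rules['max_size']) {
        throw new UploadRejected('file exceeds size limit', 413);
    }
    // Sniff the content itself; the client-sent Content-Type and extension are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !in_array($mime, $rules['allowed_mime'], true)) {
        throw new UploadRejected('MIME type not allowed', 415);
    }
    return $mime;
}

// Merge chunks in order, validate the complete file, and delete it if validation fails.
function combineChunks(string $fieldReference, array $chunkPaths, string $target): string
{
    foreach ($chunkPaths as $chunk) {
        file_put_contents($target, file_get_contents($chunk), FILE_APPEND);
    }
    try {
        return validateUpload($fieldReference, $target);
    } catch (UploadRejected $e) {
        unlink($target);
        throw $e;
    }
}

// Constructed samples: a PNG signature split across two chunks, and a script named like an image.
$tmp = sys_get_temp_dir() . '/upl_' . bin2hex(random_bytes(4));
file_put_contents("$tmp.0", "\x89PNG\r\n");
file_put_contents("$tmp.1", "\x1a\n\0\0\0\rIHDR");
echo combineChunks('cv_upload', ["$tmp.0", "$tmp.1"], "$tmp.png"), PHP_EOL;
file_put_contents("$tmp.2", '<?php echo 1;');
try {
    combineChunks('cv_upload', ["$tmp.2"], "$tmp.evil.png");
} catch (UploadRejected $e) {
    echo $e->getCode(), ' ', $e->getMessage(), PHP_EOL;
}
```

Validating only after the merge matters because a file signature can straddle a chunk boundary, as in the first sample, so per-chunk sniffing alone would misjudge the content.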

@solverat solverat merged commit f49bd58 into master Oct 21, 2025
3 checks passed
@solverat solverat deleted the secure_upload branch October 21, 2025 10:00
@github-actions github-actions bot locked and limited conversation to collaborators Oct 21, 2025
@solverat solverat added this to the 5.3.4 milestone Oct 21, 2025