Import uploader does not check Content-Disposition header #78
Comments
|
From @magento-engcom-team on November 28, 2017 14:30 @EliasZ, thank you for your report. |
|
From @PieterCappelle on December 24, 2017 12:33 Should be fixed. If accepted I'll create backport to 2.2 & 2.1. |
|
From @magento-team on January 3, 2018 11:45 Hi @EliasZ. Thank you for your report. The fix will be available with the upcoming patch release. |
|
From @EliasZ on January 3, 2018 14:1 @PieterCappelle Did you verify this works with URLs sending a header detailing the filename? |
|
@PieterCappelle could you update this ticket for me. I see you have changed some stuff related to image processing. Is this already in 2.3-develop? Does it cover the issue raised in this ticket? Should we consider a backport here? Feel free to change the labels if we should backport and also add to phase 2 or close if we no longer need this ticket. Thank you. |
From @EliasZ on November 27, 2017 15:22
Preconditions
Magento 2.2.1 (probably previous versions too, cannot imagine this functionality being removed on purpose)
Steps to reproduce
Create a product import CSV with an image URL (which does not have a proper image extension) leading to an image being force downloaded by HTTP headers (for example: https://gist.github.com/brasofilo/2863355 (example gist))
Import it
Expected result
Actual result
/pub/media/import/httpexamplecomdownloadsomefile)Problem
Magento\CatalogImportExport\Model\Import\Uploader::move()sets$fileNameto a stripped version of the URL. Here it should do aMagento\Framework\Filesystem\File\ReadInterface::stat()on the URL to check if theContent-Dispositionheader is set and a filename is provided.Copied from original issue: magento/magento2#12455
The text was updated successfully, but these errors were encountered: