View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - Issue "Attachment" - ProjeQtOr
 

Issue "Attachment"

More
09 Oct 2025 17:56 #1 by CSO_Arnaud
Issue "Attachment" was created by CSO_Arnaud
Hi everyone,According to the online help documentation, it should be possible to upload any type of file in the "Attachment" section. However, I’ve noticed that SVG files seem to cause an issue.Thanks in advance for your help!Best regards,



 2025-10-09 17:20:42.221 ***** ERROR ***** [V12.2.2] [868] HACK ================================================================
2025-10-09 17:20:42.221 ***** ERROR ***** [V12.2.2] [868] Try to hack detected
2025-10-09 17:20:42.221 ***** ERROR ***** [V12.2.2] [868] Source Code = try to upload svg file with included script (../files/attach//attachment_2500/courbes_convoyeur.svg)
2025-10-09 17:20:42.222 ***** ERROR ***** [V12.2.2] [868] QUERY_STRING = csrfToken=31a21406ffe20677840f11dcee35222c83c4ef860cdca4a20495e082c71f8f663cb3e8&directAccessIndex=
2025-10-09 17:20:42.222 ***** ERROR ***** [V12.2.2] [868] REMOTE_ADDR = 192.168.180.129
2025-10-09 17:20:42.222 ***** ERROR ***** [V12.2.2] [868] SCRIPT_FILENAME = /var/www/vhosts/open366.uxp-corp.com/httpdocs/tool/saveAttachment.php
2025-10-09 17:20:42.222 ***** ERROR ***** [V12.2.2] [868] CONNECTED USER = #868 - pierre.neel
2025-10-09 17:20:42.223 ***** ERROR ***** [V12.2.2] [868] Last connection = 2025-10-09 11:38:52
2025-10-09 17:20:42.223 ***** ERROR ***** [V12.2.2] [868] Last access = 2025-10-09 17:20:19
2025-10-09 17:20:42.223 ***** ERROR ***** [V12.2.2] [868] Disconnection =
2025-10-09 17:20:42.223 ***** ERROR ***** [V12.2.2] [868] === Trace Stack for last error ===
2025-10-09 17:20:42.223 ***** ERROR ***** [V12.2.2] [868] => /var/www/vhosts/open366.uxp-corp.com/httpdocs/tool/projeqtor.php at line 1734 calling debugPrintTraceStack()
2025-10-09 17:20:42.223 ***** ERROR ***** [V12.2.2] [868] => /var/www/vhosts/open366.uxp-corp.com/httpdocs/model/Security.php at line 302 calling traceHack()
2025-10-09 17:20:42.223 ***** ERROR ***** [V12.2.2] [868] => /var/www/vhosts/open366.uxp-corp.com/httpdocs/tool/saveAttachment.php at line 312 calling Security:checkEvilFile()
2025-10-09 17:20:42.224 ***** ERROR ***** [V12.2.2] [868] ===

Please Log in or Create an account to join the conversation.

More
10 Oct 2025 09:20 - 10 Oct 2025 09:23 #2 by maxca
Replied by maxca on topic Issue "Attachment"
Hello,
Yes, files with the .svg extension are not supported. I am going to  create a ticket.
Please note that you are using version 12.2.2; the latest stable version is 12.3.1. (The forum cannot respond to older versions.)
Have a nice day, 
Last edit: 10 Oct 2025 09:23 by maxca.

Please Log in or Create an account to join the conversation.

More
10 Oct 2025 17:41 #3 by babynus
Replied by babynus on topic Issue "Attachment"
You can upload svg file, but not svg file with included script : it is a security breach
Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.381 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form