My configuration of Kunena allows only moderators to attach regular files (like txt,pdf). However, even if a user is a moderator for a category, he cannot upload those files. Kunena displays a warning message with the list of allowed file types. This list is correct and includes the extension of the uploaded file.
I already debugged this issue and found the reason for this behavior:
CKunenaUpload (lib/kunena.upload.class.php) is responsible for handling the upload. In its constructor, it generates the lists of valid extensions:
Code:
function __construct() {
...
$this->validImageExts = (array) KunenaForumMessageAttachmentHelper::getImageExtensions();
$this->validFileExts = (array) KunenaForumMessageAttachmentHelper::getFileExtensions();
...
}
However, it does not pass the category and user to
getImageExtensions and
getFileExtensions. So these functions cannot properly check whether the current user is a moderator for the category of the post.
Also, note the different first lines of the two functions:
Code:
static public function getFileExtensions($category = null, $user = null) {
$category = KunenaForumCategoryHelper::get($category);
vs.
Code:
static public function getImageExtensions($category = null, $user = null) {
if ($category !== null) $category = KunenaForumCategoryHelper::get($category);
As file extensions of images are checked similarly, I expect that this bug affects those as well.
I assume that patching is straightforward with this information for someone who knows where to take the category and user from.
Thank you very much!
