Help for Aimeos

I have this config in my config/shop.php file:
However, I can upload all kind of images, when creating a product. Even PDF or Zip files. Why doesn't the Shop prevent those uploads?

Also, is there an option to rename the upload folder and filename (other name instead of "/preview/" and random filename without extension)?

flomo wrote: ↑26 Sep 2019, 15:19 However, I can upload all kind of images, when creating a product. Even PDF or Zip files. Why doesn't the Shop prevent those uploads?

This configuration are the mime types that are allowed when converting images, not the mime types allowed for uploads (that can be everything).

flomo wrote: ↑26 Sep 2019, 15:19 Also, is there an option to rename the upload folder and filename (other name instead of "/preview/" and random filename without extension)?

Yes, if you extend and overwrite the media controller class:
https://github.com/aimeos/aimeos-core/b ... #L340-L362

This configuration are the mime types that are allowed when converting images, not the mime types allowed for uploads (that can be everything).

Is there any logic in place to control the upload? Where/how would that be done? I managed to upload a .php file, which is potentially very dangerous.

Yes, if you extend and overwrite the media controller class:
https://github.com/aimeos/aimeos-core/b ... #L340-L362

Perfect, thanks a lot!

You can whitelist the mime types you want to allow here:
https://github.com/aimeos/aimeos-core/b ... #L455-L499