Legacy xls upload not possible anymore #52
Comments
|
Thank you for the hint, I will take care about this and will remove the legacy xls support asap. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since v5.0.x, the import of old .xls files is no longer possible due to possible security problems.
This may also affect other old file extensions.
Converting .xls to .xlsx is a workaround.
This warning is shown after uploading:
Exception in BE log:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks | PhpOffice\PhpSpreadsheet\Reader\Exception thrown in file /var/www/vhosts/REMOVED/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Security/XmlScanner.php in line 151. Requested URL: https://REMOVED/typo3/module/web/xlsimport?token=--AnonymizedToken--&action=upload&id=17342Possible solution:
Remove .xls from the allowed file extensions and update the import info to modern file extensions above the import form in the backend module.
The text was updated successfully, but these errors were encountered: