Closed
Description
Preconditions
Magento 2.2.1 (probably previous versions too, cannot imagine this functionality being removed on purpose)
Steps to reproduce
-
Create a product import CSV with an image URL (which does not have a proper image extension) leading to an image being force downloaded by HTTP headers (for example: https://gist.github.com/brasofilo/2863355 (example gist))
-
Import it
Expected result
- Magento properly checks the headers, downloads the file to the filename given in the headers and then imports it
Actual result
- Magento does not check the headers and downloads the file (for example http://example.com/downloadsomefile becomes something like
/pub/media/import/httpexamplecomdownloadsomefile
) - The filename does not have a valid file extension and validation fails resulting in the file not being properly imported
Problem
Magento\CatalogImportExport\Model\Import\Uploader::move()
sets $fileName
to a stripped version of the URL. Here it should do a Magento\Framework\Filesystem\File\ReadInterface::stat()
on the URL to check if the Content-Disposition
header is set and a filename is provided.
Metadata
Metadata
Assignees
Labels
The issue has been fixed in 2.3 release lineGate 2 Passed. Manual verification of the issue description passedGate 3 Passed. Manual verification of the issue completed. Issue is confirmedGate 1 Passed. Automatic verification of issue format passedGate 4. Acknowledged. Issue is added to backlog and ready for developmentThe issue has been reproduced on latest 2.1 releaseThe issue has been reproduced on latest 2.2 releaseThe issue has been reproduced on latest 2.3 release