Hi
I post this issue again since it doesn't show up in the forum when I upate the previous post (here)
Since Joomla 3.4.5 the file transfer field can't upload ZIP files anymore. Will the upcoming Seblod 3.8 resolve this bug please ?
is there a workaround in the time between ?
thanks
cyril
+1
Hi,
@Cyril, you tested on Joomla 3.4.8 and the Joomla media manager. Thanks to confirm again if it's working for you.
@Ricco, can you please do the same test
Thanks
Hi
good question: the Joomla 3.4.5+ no longer accepts ZIP files even if we add the ZIP;zip extensions in the media manager options.
It has been noted on http://forum.joomla.org/viewtopic.php?f=715&t=894174
I can't see this issue in the official joomla tracker though (https://issues.joomla.org/tracker/joomla-cms) !
Cyril
Hi,
I've just tested and I can say that I can successfully upload zip file with the Upload-file field. I don't know if "file transfer field" is the same, I've never heard of it, sorry.
Joomla! 3.4.8
SEBLOD Version 3.7.2
Regards,
ricco
Hi
It was not that hard to fix the SEBLOD upload_file plugin since Joomla, as Saba wrote, modified the upload controls.
in the plugins/cck_field/upload_file/includes/afterstore.php file
please locate :
if ( JFile::upload( $tmp_name, $location) ) {
replace it with:
if ( JFile::upload( $tmp_name, $location,false,true ) ) {
Now we can upload zip files with Seblod. Seblod team please confirm there is no side effects (not sure of it).
Have a good day
cyril
This is not safe, you disabled all security checks, setting 4th parameter to true allow user to upload anything inlcuding php scripts. If anything, use $safeFileOptions parameter and set
array ($safeFileOptions['php_tag_in_content'] =>false, $safeFileOptions['shorttag_in_content']=>false, $safeFileOptions['fobidden_ext_in_content']=>false )
Hi Klas
Great, but will it be fixed in the upcoming 3.8 Seblod release please?
thanks
cyril
It is already on the tracker, so it will be fixed, but I don't know when.
Hi,
Already fixed. Including in next release.
Thanks.
Hey guys, this is still not working. J! 3.5.1 Seb 3.8.
Hi
yes, same thing here. The fix doesn't seem to be included
cyril
Hi All,
new paramaters have been added to let you the choice of how it must work.
So in the SEBLOD options, you can define the functionnality :
and then, in each file you can override that:
You can define in a white list of extensions hat you not allows in a Zip file.
Regards.
Lionel
Hi Lionel
that's much clearer, thanks
cyril
Hi
Are you sure that J3.5.1 + Seblod 3.8.1 behaves as you mentioned here?
I set in the SEBLOD option the forbidden extensions to NONE and set it again in the upload field but I still get the error message the ZIP file can't be uploaded due to security reasons
Thanks
cyril
Same here. Getting really tired of forcing my users to re-upload every third zip file with JCE.
Hi folks,
I use this settings under Options / Media / Common Extensions :
bmp,csv,doc,docx,gif,jpg,mp3,msg,pdf,png,pps,ppsx,ppt,pptx,txt,xls,
xlsx,zip,BMP,CSV,DOC,DOCX,GIF,JPG,MP3,MSG,PDF,PNG,PPS,
PPSX,PPT,PPTX,TXT,XLS,XLSX,ZIP
and the upload of zip-files works fine. I use SEBLOD 3.8.1 and JOOMLA 3.5.1
HI Kobalt
you found it ! thanks ! We actually have to set the DOCUMENT extension list so that it includes the zip, ZIP files in the seblod options even if you set this in the upload field itself!
cyril
Including zip on documents list is not advised. Actual issue is that setting None for scanning inside zip or document files does not work, so as soon as your zip contains php or similar, it will be blocked, currently you can only set a long Whitelist like this:
php,phps,php5,php3,php4,inc,pl,cgi,fcgi,java,jar,py
(there is another setting "Forbidden extensions" in the plugin itself, it should be set to Inhterited or Whitelist in this case)
I made a pull request that makes None setting to work, you can test it here:
Klas,
I went out on a limb and manually did the the changes you suggested in the pull request. It worked great for me. Thank you! (Happy Dance)
Ok, Here are all the places I know of that you can have to keep in mind for uploads.
From the most generic:
Global Config > Media
Global Config > Seblod \ Media
(On individual file upload fields) Field Settings > Costruction
Hi Klas
the fix at https://github.com/Octopoos/SEBLOD/pull/205 works for me. Exactly what I was looking for
thanks
cyril
Hi Cyril,
thank you for fedback, please also post it on github.
Hi Klas
it seems this fix hasn't been included in seblod 3.8.4. I had to modify the patch manually
thanks
cyril
As you can see on github it hasn't been merged yet, not sure why...
Hi Klas
It seems your fix has been discarded again with the 3.9.0 release !! why again ?
Cyril
cyril, I think you know who to ask :) I can just provide a patch.
Hi
Still very weird the Klas patch (https://github.com/Octopoos/SEBLOD/pull/205/commits) hasn't yet been included
cyril
See my previous answer.