8 years ago
27
Topic

Hi

I post this issue again since it doesn't show up in the forum when I upate the previous post (here

Since Joomla 3.4.5 the file transfer field can't upload ZIP files anymore. Will the upcoming Seblod 3.8 resolve this bug please ?

is there a workaround in the time between ?

thanks

cyril

Get a VIP membership
310 Posts
ricco
8 years ago
0
Level 1

+1

8 years ago
0
Level 1

Hi,

@Cyril, you tested on Joomla 3.4.8 and the Joomla media manager. Thanks to confirm again if it's working for you.

@Ricco, can you please do the same test

Thanks

8 years ago
0
Level 1

Hi

good question: the Joomla 3.4.5+ no longer accepts ZIP files even if we add the ZIP;zip extensions in the media manager options.

It has been noted on http://forum.joomla.org/viewtopic.php?f=715&t=894174

I can't see this issue in the official joomla tracker though (https://issues.joomla.org/tracker/joomla-cms) !


Cyril


310 Posts
ricco
8 years ago
0
Level 1

Hi,

I've just tested and I can say that I can successfully upload zip file with the Upload-file field. I don't know if "file transfer field" is the same, I've never heard of it, sorry.

Joomla! 3.4.8

SEBLOD Version 3.7.2

Regards,

ricco

8 years ago
1
Level 1

Hi

It was not that hard to fix the SEBLOD upload_file plugin since Joomla, as Saba wrote, modified the upload controls.

in the plugins/cck_field/upload_file/includes/afterstore.php file

please locate :

if ( JFile::upload( $tmp_name, $location) ) {

replace it with:

if ( JFile::upload( $tmp_name, $location,false,true ) ) {

Now we can upload zip files with Seblod. Seblod team please confirm there is no side effects (not sure of it).

Have a good day

cyril

4229 Posts
Kadministrator
8 years ago
0
Level 2

This is not safe, you disabled all security checks, setting 4th parameter to true allow user to upload anything inlcuding php scripts. If anything, use $safeFileOptions parameter and set

array ($safeFileOptions['php_tag_in_content'] =>false, $safeFileOptions['shorttag_in_content']=>false, $safeFileOptions['fobidden_ext_in_content']=>false )

8 years ago
0
Level 1

Hi Klas

Great, but will it be fixed in the upcoming 3.8 Seblod release please?

thanks

cyril

4229 Posts
Kadministrator
8 years ago
0
Level 1

It is already on the tracker, so it will be fixed, but I don't know when.

8 years ago
2
Level 1

Hi,

Already fixed. Including in next release.

Thanks.

21 Posts
Mat-Su Borough
8 years ago
1
Level 2

Hey guys, this is still not working.  J! 3.5.1 Seb 3.8.

8 years ago
0
Level 3

Hi

yes, same thing here. The fix doesn't seem to be included

cyril

8 years ago
1
Level 1

Hi All,

new paramaters have been added to let you the choice of how it must work.

So in the SEBLOD options, you can define the functionnality :

and then, in each file you can override that:

You can define in a white list of extensions hat you not allows in a Zip file.


Regards.

Lionel

8 years ago
0
Level 2

Hi Lionel

that's much clearer, thanks

cyril

8 years ago
3
Level 1

Hi

Are you sure that J3.5.1 + Seblod 3.8.1 behaves as you mentioned here?

I set in the SEBLOD option the forbidden extensions to NONE and set it again in the upload field but I still get the error message the ZIP file can't be uploaded due to security reasons

Thanks

cyril

21 Posts
Mat-Su Borough
8 years ago
0
Level 2

Same here. Getting really tired of forcing my users to re-upload every third zip file with JCE.

59 Posts
kobalt
8 years ago
1
Level 2

Hi folks,

I use this settings under Options / Media / Common Extensions

bmp,csv,doc,docx,gif,jpg,mp3,msg,pdf,png,pps,ppsx,ppt,pptx,txt,xls,
xlsx,zip,BMP,CSV,DOC,DOCX,GIF,JPG,MP3,MSG,PDF,PNG,PPS,
PPSX,PPT,PPTX,TXT,XLS,XLSX,ZIP

and the upload of zip-files works fine. I use SEBLOD 3.8.1 and JOOMLA 3.5.1

8 years ago
0
Level 3

HI Kobalt

you found it ! thanks ! We actually have to set the DOCUMENT extension list so that it includes the zip, ZIP files in the seblod options even if you set this in the upload field itself!

cyril

4229 Posts
Kadministrator
8 years ago
1
Level 1

Including zip on documents list is not advised. Actual issue is that setting None for scanning inside zip or document files does not work, so as soon as your zip contains php or similar, it will be blocked, currently you can only set a long Whitelist like this:

php,phps,php5,php3,php4,inc,pl,cgi,fcgi,java,jar,py

(there is another setting "Forbidden extensions" in the plugin itself, it should be set to Inhterited or Whitelist in this case)

I made a pull request that makes None setting to work, you can test it here:

https://github.com/Octopoos/SEBLOD/pull/205

21 Posts
Mat-Su Borough
8 years ago
0
Level 2
Text

Klas,

I went out on a limb and manually did the the changes you suggested in the pull request. It worked great for me.  Thank you!  (Happy Dance) 

Ok, Here are all the places I know of that you can have to keep in mind for uploads. 

From the most generic:

Global Config > Media

Global Config > Seblod \ Media

(On individual file upload fields) Field Settings > Costruction

8 years ago
3
Level 1

Hi Klas

the fix at https://github.com/Octopoos/SEBLOD/pull/205 works for me. Exactly what I was looking for

thanks 


cyril

4229 Posts
Kadministrator
8 years ago
2
Level 2

Hi Cyril,

thank you for fedback,  please also post it on github.

8 years ago
1
Level 3

Hi Klas

it seems this fix hasn't been included in seblod 3.8.4. I had to modify the patch manually

thanks

cyril

4229 Posts
Kadministrator
8 years ago
0
Level 4

As you can see on github it hasn't been merged yet, not sure why...

8 years ago
1
Level 1

Hi Klas

It seems your fix has been discarded again with the 3.9.0 release !! why again ?

Cyril

4229 Posts
Kadministrator
8 years ago
0
Level 2

cyril, I think you know who to ask :) I can just provide a patch.

7 years ago
1
Level 1

Hi

Still very weird the Klas patch (https://github.com/Octopoos/SEBLOD/pull/205/commits) hasn't yet been included


cyril

4229 Posts
Kadministrator
7 years ago
0
Level 2

See my previous answer.

Get a VIP membership