Hello.
In files uploads settings, in "Files" field need to configure allowed file extensions, e.g. "file_upload:zip-rar". It is very fine, but what if I need to upload any file extension?
Now I do it myself, but maybe it is possible set without coding?
P.S. I changed file "\administrator\components\com_chronoforms\form_actions\upload_files\upload_file.php":
Now if "Files" like "file_upload:" or "file_upload:*" I can upload any file.
P.P.S. Sorry for my terrible English.
Kind regards, Roman Bobrik.
In files uploads settings, in "Files" field need to configure allowed file extensions, e.g. "file_upload:zip-rar". It is very fine, but what if I need to upload any file extension?
Now I do it myself, but maybe it is possible set without coding?
P.S. I changed file "\administrator\components\com_chronoforms\form_actions\upload_files\upload_file.php":
function run($form, $actiondata){
...
foreach($files_array as $file_string){
if(strpos($file_string, ':') !== false){
$file_data = explode(':', trim($file_string));
$file_extensions = explode('-', $file_data[1]);
//convert all extensions to lower case
foreach($file_extensions as $k => $file_extension){
$file_extensions[$k] = strtolower($file_extension);
}
// added
if ( count($file_extensions) == 0 ) {
$file_extensions[] = '*';
}
if ( count($file_extensions) == 1 && $file_extensions[0] == '' ) {
$file_extensions[0] = '*';
}
// end
//get the posted file details
...
}
}
//add the data key
...
}
}
function processUpload($form, $file_post = array(), $field_name, $file_extensions){
//check errors
...
//mask the file name
...
//check the file size
if($file_tmp_name){
//check max size
...
// changed
}else if(!in_array(strtolower($file_info['extension']), $file_extensions) && !in_array('*', $file_extensions)){
...
}else{
...
}
}
}
Now if "Files" like "file_upload:" or "file_upload:*" I can upload any file.
P.P.S. Sorry for my terrible English.
Kind regards, Roman Bobrik.
Hi romanbobrik,
It's a high security risk to allow 'any file' uploads, so ChronoForms doesn't support this. And I'd suggest that you don't enable it on your site.
Bob
It's a high security risk to allow 'any file' uploads, so ChronoForms doesn't support this. And I'd suggest that you don't enable it on your site.
Bob
I would not enable it, but this is desire of the site owner.
And if I am not mistaken, ChronoForms checks only file extension, not type. If so it is, security risk still high.
Anyway, thank you.
Kind regards, Roman Bobrik.
And if I am not mistaken, ChronoForms checks only file extension, not type. If so it is, security risk still high.
Anyway, thank you.
Kind regards, Roman Bobrik.
So, ChronoForms is great component.
Thank you.
Kind regards, Roman Bobrik.
Thank you.
Kind regards, Roman Bobrik.
This topic is locked and no more replies can be posted.
