Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upload other file types 7z and zip #112

Closed
ffiesta opened this issue Mar 5, 2024 · 1 comment
Closed

Upload other file types 7z and zip #112

ffiesta opened this issue Mar 5, 2024 · 1 comment

Comments

@ffiesta
Copy link
Contributor

ffiesta commented Mar 5, 2024

Please review the code and the security

Autorize 7z files

 "application/x-7z-compressed",  
 "application/octet-stream",

Autorize zip files

 "application/zip",
 "application/zip-compressed",
 "application/x-zip-compressed",

Mime type List Url: https://mimetype.io/all-types

Change /submit.php

  • Change line 488 from:
// check extensions
if(!in_array($attachment['ext'],array("pdf","doc","docx","xls","xlsx","ppt","pptx"))){

to:

if(!in_array($attachment['ext'],array("zip","pdf","doc","docx","xls","xlsx","ppt","pptx"))){
  • Change line 495 to include array type from:
// check file type
	if(!in_array($attachment["type"],array(
		"application/pdf",
		"application/msword",
		"application/vnd.ms-excel",
		"application/vnd.ms-powerpoint",
		"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
		"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
		"application/vnd.openxmlformats-officedocument.presentationml.presentation"
	))){

to:

// check file type
	if(!in_array($attachment["type"],array(
               "application/x-7z-compressed",
		"application/octet-stream",
		"application/zip",
		"application/zip-compressed",
                "application/x-zip-compressed",
		"application/pdf",
		"application/msword",
		"application/vnd.ms-excel",
		"application/vnd.ms-powerpoint",
		"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
		"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
		"application/vnd.openxmlformats-officedocument.presentationml.presentation"
	))){

Change /template.inc.php

  • Change line 488 from:
<input type="text" id="uploader-path" class="file-path validate" placeholder="<?= $TXT->AttachmentsSelect ?>.. (pdf, doc/x, xls/x, ppt/x)">

to:

<input type="text" id="uploader-path" class="file-path validate" placeholder="<?= $TXT->AttachmentsSelect ?>.. (7z, zip, pdf, doc/x, xls/x, ppt/x)">

Change /classes/Document.class.php

  • Change line 205 from:
// check extensions
if(!in_array(end($file_extension),array("pdf","doc","docx","xls","xlsx","ppt","pptx"))){continue;}

to

if(!in_array(end($file_extension),array("zip","zip","pdf","doc","docx","xls","xlsx","ppt","pptx"))){continue;}
@Zavy86
Copy link
Owner

Zavy86 commented Jun 2, 2024

hi, make a pull request please

@Zavy86 Zavy86 closed this as completed Jun 2, 2024
@ffiesta ffiesta mentioned this issue Jun 7, 2024
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Zavy86 @ffiesta