Support Forums

nexmation · 08-27-2008, 11:49 AM

I have an extra field called "video"
I have it set to allow the following file types: mpg,mpeg,wmv,flv,mov,

However, if a user tries to upload a jpg file, gif, etc... it is still getting uploaded to the video field.

Is there a way to make sure that the upload type checking actually works?

**Eric Barnes** · 08-27-2008, 11:52 AM

It sounds like you may be getting a javascript error on that page.

Can you check with Firefox and see if you see any javascript warnings or errors?

nexmation · 08-27-2008, 01:47 PM

Actually what I think is happening is when a user doesn't have javascript turned on in their browser is when the problem can happen.

I tried to upload a non approved file extension and was greeted with a javascript warning box telling me to use the correct file type. But I've had a bunch of users that have managed to accidentally upload jpegs where only video files should be allowed.

**Eric Barnes** · 08-27-2008, 01:49 PM

You may want to add this as a bug in the issue tracker:
http://www.68classifieds.com/forums/project.php

That way I remember it and can add server side checking.

nexmation · 08-27-2008, 01:56 PM

OK, I tested this with javascript turned off, and with no javascript, it uploaded a file with an unsupported file extension.

So it looks like the only check being done on the file uploads is with javascript, and nothing in the backend php script.

This is a HUGE security issue, because all a hacker has to do to upload a restricted file type is to turn off javascript.

It is also is a major PITA for a site administrator since a lot of regular people leave javascript turned off in their browsers.

**Eric Barnes** · 08-27-2008, 01:57 PM

That is why I said to file a bug report.

nexmation · 08-27-2008, 02:02 PM

Done:
http://www.68classifieds.com/forums/...hp?issueid=184

**Eric Barnes** · 08-27-2008, 02:33 PM

Thank you!

08-27-2008, 11:49 AM	#1
nexmation Junior Member Join Date: Jul 2008 Posts: 7 Rep Power: 0	Extra Field File Upload - Not filtering by extension I have an extra field called "video" I have it set to allow the following file types: mpg,mpeg,wmv,flv,mov, However, if a user tries to upload a jpg file, gif, etc... it is still getting uploaded to the video field. Is there a way to make sure that the upload type checking actually works?

08-27-2008, 11:52 AM	#2
Eric Barnes 68 Classifieds Staff Join Date: Mar 2006 Location: Belmont, NC Posts: 5,303 Rep Power: 125	It sounds like you may be getting a javascript error on that page. Can you check with Firefox and see if you see any javascript warnings or errors? __________________ Eric Barnes 68 Classifieds Developer Customer Area \| Issue Tracker \| Documentation \| 68C Mods \| 68 @ Twitter \| My Modules

08-27-2008, 01:49 PM	#4
Eric Barnes 68 Classifieds Staff Join Date: Mar 2006 Location: Belmont, NC Posts: 5,303 Rep Power: 125	You may want to add this as a bug in the issue tracker: http://www.68classifieds.com/forums/project.php That way I remember it and can add server side checking. __________________ Eric Barnes 68 Classifieds Developer Customer Area \| Issue Tracker \| Documentation \| 68C Mods \| 68 @ Twitter \| My Modules

08-27-2008, 01:57 PM	#6
Eric Barnes 68 Classifieds Staff Join Date: Mar 2006 Location: Belmont, NC Posts: 5,303 Rep Power: 125	That is why I said to file a bug report. __________________ Eric Barnes 68 Classifieds Developer Customer Area \| Issue Tracker \| Documentation \| 68C Mods \| 68 @ Twitter \| My Modules

08-27-2008, 02:33 PM	#8
Eric Barnes 68 Classifieds Staff Join Date: Mar 2006 Location: Belmont, NC Posts: 5,303 Rep Power: 125	Thank you! __________________ Eric Barnes 68 Classifieds Developer Customer Area \| Issue Tracker \| Documentation \| 68C Mods \| 68 @ Twitter \| My Modules

08-27-2008, 01:47 PM	#3
nexmation Junior Member Join Date: Jul 2008 Posts: 7 Rep Power: 0	Actually what I think is happening is when a user doesn't have javascript turned on in their browser is when the problem can happen. I tried to upload a non approved file extension and was greeted with a javascript warning box telling me to use the correct file type. But I've had a bunch of users that have managed to accidentally upload jpegs where only video files should be allowed.

08-27-2008, 01:56 PM	#5
nexmation Junior Member Join Date: Jul 2008 Posts: 7 Rep Power: 0	OK, I tested this with javascript turned off, and with no javascript, it uploaded a file with an unsupported file extension. So it looks like the only check being done on the file uploads is with javascript, and nothing in the backend php script. This is a HUGE security issue, because all a hacker has to do to upload a restricted file type is to turn off javascript. It is also is a major PITA for a site administrator since a lot of regular people leave javascript turned off in their browsers.

08-27-2008, 02:02 PM	#7
nexmation Junior Member Join Date: Jul 2008 Posts: 7 Rep Power: 0	Done: http://www.68classifieds.com/forums/...hp?issueid=184

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Adding extra field to search.php...	abkeller	v3.1 Modules & Modifications	4	06-05-2007 01:15 AM
Enabled extra field and pdf file keeps "falling out" of previous listings	sedonagate	v3.1 Questions & Support	3	09-21-2006 09:50 PM
Maximum File Size for File Upload	sporthorsebreeder	v3.1 Questions & Support	2	09-02-2006 05:18 PM
Upload File Feature does not work	sporthorsebreeder	v3.1 Questions & Support	10	08-16-2006 11:39 AM

Support Forums

Extra Field File Upload - Not filtering by extension

This topic is resolved.