Upload File Types


  1. richardholder
    Member

    Hi, I am getting some irritating people uploading suspicious php files from my website which uses the latest version of Machform - I only want jpg, pdf files to be uploaded and can't find an option to do this. I have searched the forums and come up with nothing - any help would be much appreciated.
    Regards
    Richard

    Posted 15 years ago #
  2. yuniar

    What is the exact version of your MachForm?
    Check your changelog.txt at the bottom.

    Version 2.1 and above should reject any PHP or HTML file upload by default.


    MachForm Founder

    Posted 15 years ago #
  3. richardholder
    Member

    Hi Yuniar,
    Oops - I have 2.0g installed - what is the recommended upgrade method please?
    If I just overwrite the directory I get errors - one of which is this:

    "Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT)" etc

    Regards
    Richard

    Posted 15 years ago #
  4. redityo

    Hi Richard,

    It seems to be a MySQL issue. Anyway, try to upgrade with these steps:

    1. Rename your previous machform to machform_old
    2. Upload fresh machform package and delete "installer.php" file
    3. Copy "data" folder from "machform_old" folder to new "machform" folder
    4. Set your database information in new "config.php" file


    MachForm Support

    Posted 15 years ago #
  5. richardholder
    Member

    Hi redityo,
    I have tried that but get this error:

    select element_id, element_type, element_constraint, element_title from ap_form_elements where form_id='1' and element_type <> 'section' order by element_position asc Query failed: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '<>'

    Machform 2.0g works flawlessly.

    Thanks for your help.

    Richard

    Posted 15 years ago #
  6. redityo

    Hmm... It's weird; if MachForm 2.0g works fine, it should also work fine with the new version. Anyway, could you send me your FTP login info to:

    customer.service[at]appnitro.com

    I need to check it further ..


    MachForm Support

    Posted 15 years ago #
  7. richardholder
    Member

    Hi redityo,
    I run my own web server and removed the FTP server some time ago - too much hacking activity :-(( Since the server is on the LAN I don't need it.
    I will re-install it and get back to you later.
    Regards Richard

    Posted 15 years ago #
  8. richardholder
    Member

    Hi redityo,
    I am sorry but getting an FTP server is going to take some time. Am I right in thinking that validation is done via the common-validator.php file?
    If so here is the one we have on our system:
    //validation for file upload filetype
    function validate_filetype($value){
        $error_message = VAL_FILETYPE;
        $value = $value[0];
        $ext = pathinfo(strtolower($_FILES[$value]['name']), PATHINFO_EXTENSION);
        if(defined('UPLOAD_FILETYPE_ALLOW') && (UPLOAD_FILETYPE_ALLOW != '')){
            //only allow these filetypes
            $allowed_filetypes = explode(';',strtolower(UPLOAD_FILETYPE_ALLOW));
            if(!in_array($ext,$allowed_filetypes)){
                return $error_message;
            }
        }elseif(defined('UPLOAD_FILETYPE_DENY') && (UPLOAD_FILETYPE_DENY != '')){
            //disallow these filetypes
            $blacklisted_filetypes = explode(';',strtolower(UPLOAD_FILETYPE_DENY));
            if(in_array($ext,$blacklisted_filetypes)){
                return $error_message;
            }
        }

        return true;
    }

    Could you let me know how I add allowed file types and deny others?
    Regards
    Richard

    Posted 15 years ago #
  9. yuniar

    Yes, the validator is done within the common-validator.php file.
    Have you managed to install version 2.2?

    If so, to add allowed types or deny certain types, simply modify your config.php file.
    Modify these lines:

    define('UPLOAD_FILETYPE_ALLOW','');
    define('UPLOAD_FILETYPE_DENY','php;php3;php4;php5;phtml;exe;pl;cgi;html;htm;js');

    simply put new file extensions there.


    MachForm Founder

    Posted 15 years ago #
  10. lindabryce
    Member

    In version 2.2, using the config.php code you provided, is there a better way of denying files? If that line is left empty and the "allowed" line is populated with various extension types, will ONLY those types be allowed? Or does there HAVE to be extension types listed in the "deny" line to keep all other types out? It seems like there would have to be hundreds of denied extensions added otherwise.

    Posted 15 years ago #
  11. yuniar

    Yes, you can leave the "deny" list empty and set the "allow" list; only those types will be allowed.

    No need to list hundreds of denied extensions.


    MachForm Founder

    Posted 15 years ago #
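
The allow/deny behaviour discussed in posts 8 to 11, as an added example that is not part of the thread or of MachForm's own code. `check_extension()` is a hypothetical stand-in that follows the same precedence as the posted `validate_filetype()` but takes the two lists as parameters; the file names are constructed sample input.

```php
<?php
// Added example: same allow/deny precedence as validate_filetype() in post 8,
// with the config.php constants replaced by parameters (hypothetical helper).
function check_extension(string $filename, string $allow, string $deny): bool
{
    $ext = pathinfo(strtolower($filename), PATHINFO_EXTENSION);

    if ($allow !== '') {
        // Allow list set: only these extensions pass; the deny list is never read.
        return in_array($ext, explode(';', strtolower($allow)), true);
    }
    if ($deny !== '') {
        // Deny list only: every extension not named here passes.
        return !in_array($ext, explode(';', strtolower($deny)), true);
    }
    return true; // both lists empty: no restriction at all
}

// Deny list quoted in post 9.
$deny_default = 'php;php3;php4;php5;phtml;exe;pl;cgi;html;htm;js';

// label => [UPLOAD_FILETYPE_ALLOW, UPLOAD_FILETYPE_DENY]
$configs = [
    'deny list only (default)'     => ['', $deny_default],
    'allow jpg;pdf, deny empty'    => ['jpg;pdf', ''],
    // Misconfiguration check: an extension present in BOTH lists is accepted,
    // because the elseif branch means the deny list is skipped.
    'allow jpg;pdf;php, deny set'  => ['jpg;pdf;php', $deny_default],
];

// Constructed sample file names, including one with no extension at all.
$samples = ['photo.JPG', 'report.pdf', 'notes.txt', 'archive.zip', 'README', 'page.php'];

foreach ($configs as $label => [$allow, $deny]) {
    echo $label, "\n";
    foreach ($samples as $name) {
        $verdict = check_extension($name, $allow, $deny) ? 'accepted' : 'rejected';
        printf("  %-12s %s\n", $name, $verdict);
    }
}
```

With only the deny list, `notes.txt`, `archive.zip` and the extensionless `README` are all accepted; with `jpg;pdf` in the allow list, only the first two samples pass.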
