• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
allow all filetypes upload

#1
[eluser]dexter21[/eluser]
Hi,

how could i enable upload all filetypes files with upload class?

if i set $config['allowed_types']=''; after that if i tried to upload a zip it said :
Tipo de archivo inválido


Many thanks

#2
[eluser]Dagobert Renouf[/eluser]
ahah errors in español.
I think the only way is to list ALL filetypes.

I mean ci is built for security purposes, so why would you want to do that anyway ?
However I would advise you to wait for a more experienced-user answer.

#3
[eluser]Raiko[/eluser]
[quote author="dexter21" date="1213973119"]Hi,

how could i enable upload all filetypes files with upload class?

if i set $config['allowed_types']=''; after that if i tried to upload a zip it said :
Tipo de archivo inválido


Many thanks[/quote]

The allowed_types field is meant for the mime types of the allowed files. It has no default, so setting it to empty is going to produce exactly what you have.

I definitely would go with what Mr. Renouf said. Allowing all file types is a security hole. Many a forum system has been attacked in this manner. Usually a script file is uploaded and executed, giving the attacker access to what he/she wants usually.

I would advise against it. Please select only those that you want uploaded.

#4
[eluser]Digitalman65[/eluser]
I tried not setting the value and it complained. However, I absolutely DO want to allow for any and all file types so what am I to do other than alter the CI code - which I really don't want to do just to get by this. I agree that some situations require strict controls on file uploads but not all situations; a web based file manager, for instance, or a web based email system in which attachments can be of any type (even custom). SO is there a fix or work around?

#5
[eluser]Colin Williams[/eluser]
application/libraries/MY_Upload.php

Code:
class MY_Upload {

        // --------------------------------------------------------------------
    
    /**
     * Verify that the filetype is allowed
     *
     * @access    public
     * @return    bool
     */    
    function is_allowed_filetype()
    {
        if (count($this->allowed_types) == 0 || ! is_array($this->allowed_types))
        {
            // Return TRUE instead of failing. I would recommend a more concrete way of allowing all file types
            return TRUE;
        }
                
        foreach ($this->allowed_types as $val)
        {
            $mime = $this->mimes_types(strtolower($val));
        
            if (is_array($mime))
            {
                if (in_array($this->file_type, $mime, TRUE))
                {
                    return TRUE;
                }
            }
            else
            {
                if ($mime == $this->file_type)
                {
                    return TRUE;
                }    
            }        
        }
        
        return FALSE;
    }
}

#6
[eluser]llbbl[/eluser]
colin it looks like your file upload code made it into the CI class. I know this post is old, but I think trying to figure out what mime type you have when you upload a file is stupid.

http://ellislab.com/forums/viewthread/88647/

#7
[eluser]Colin Williams[/eluser]
Well, the EllisLab guys have defended their reasoning thus far and I don't think it's so stupid. They also built in an easy-ass way to override core classes.

#8
[eluser]llbbl[/eluser]
I'd like to hear what their reasoning is. We shouldn't be forced to override core classes because they were poorly developed. We should be looking to improve and add to the core classes.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.