Hi, I am getting some irritating people uploading suspicious php files from my website which uses the latest version of Machform - I only want jpg, pdf files to be uploaded and can't find an option to do this. I have searched the forums and come up with nothing - any help would be much appreciated.
Regards
Richard
Upload File Types
Posted 7 months ago #
What is the exact version of your MachForm?
Check your changelog.txt at the bottom. Version 2.1 and above should reject any PHP or HTML file upload by default.
Posted 7 months ago # -
Hi Yuniar,
Oops - I have 2.0g installed - what is the recommended upgrade method please?
If I just overwrite the directory I get errors - one of which is this: "Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT)" etc
Regards
Richard
Posted 7 months ago # -
Hi Richard,
It seems to be a MySQL issue. Anyway, try to upgrade with these steps:
1. Rename your previous machform to machform_old
2. Upload fresh machform package and delete "installer.php" file
3. Copy "data" folder from "machform_old" folder to new "machform" folder
4. Set your database information in new "config.php" file
Posted 7 months ago # -
Hi redityo,
I have tried that but get this error:

    select element_id, element_type, element_constraint, element_title from ap_form_elements where form_id='1' and element_type <> 'section' order by element_position asc
    Query failed: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '<>'

Machform 2.0g works flawlessly.
Thanks for your help.
Richard
Posted 7 months ago # -
Hmm .. It's weird, if machform 2.0g can work fine, it should work fine also with the new version. Anyway, could you send me your FTP login info to:
customer.service[at]appnitro.com
I need to check it further ..
Posted 7 months ago # -
Hi redityo,
I run my own web server and removed the FTP server some time ago - too much hacking activity :-(( Since the server is on the LAN I don't need it.
I will re-install it and get back to you later.
Regards
Richard
Posted 7 months ago # -
Hi redityo,
I am sorry but getting an FTP server is going to take some time. Am I right in thinking that validation is done via the common-validator.php file?
If so here is the one we have on our system:

    //validation for file upload filetype
    function validate_filetype($value){
        $error_message = VAL_FILETYPE;
        $value = $value[0];
        $ext = pathinfo(strtolower($_FILES[$value]['name']), PATHINFO_EXTENSION);
        if(defined('UPLOAD_FILETYPE_ALLOW') && (UPLOAD_FILETYPE_ALLOW != '')){
            //only allow these filetypes
            $allowed_filetypes = explode(';',strtolower(UPLOAD_FILETYPE_ALLOW));
            if(!in_array($ext,$allowed_filetypes)){
                return $error_message;
            }
        }elseif(defined('UPLOAD_FILETYPE_DENY') && (UPLOAD_FILETYPE_DENY != '')){
            //disallow these filetypes
            $blacklisted_filetypes = explode(';',strtolower(UPLOAD_FILETYPE_DENY));
            if(in_array($ext,$blacklisted_filetypes)){
                return $error_message;
            }
        }
        return true;
    }

Could you let me know how I add allowed file types and deny others?
Regards
Richard
Posted 7 months ago # -
Yes, the validator is done within the common-validator.php file.
Have you managed to install version 2.2? If so, to add allowed types or deny certain types, simply modify your config.php file.
Modify these lines:

    define('UPLOAD_FILETYPE_ALLOW','');
    define('UPLOAD_FILETYPE_DENY','php;php3;php4;php5;phtml;exe;pl;cgi;html;htm;js');

Simply put new file extensions there.
Posted 7 months ago #
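
The two config.php settings discussed in this thread, compared side by side. This is an added example, not part of the original posts and not MachForm's own code: `check_upload_name()` is a hypothetical helper that mirrors the branch order of the posted `validate_filetype()`, and the sample filenames are constructed.

```php
<?php
// Added example, not MachForm code: mirrors the if/elseif order of the posted
// validate_filetype() so both config.php settings can be compared offline.
// check_upload_name() and $samples are hypothetical names.

function check_upload_name(string $filename, string $allow, string $deny): bool
{
    // Same extraction as the posted validator: lowercase, final extension only.
    $ext = pathinfo(strtolower($filename), PATHINFO_EXTENSION);

    if ($allow !== '') {
        // Allow list set: the deny list is never consulted (if/elseif).
        return in_array($ext, explode(';', strtolower($allow)), true);
    }
    if ($deny !== '') {
        // Deny list only: every extension not named here is accepted.
        return !in_array($ext, explode(';', strtolower($deny)), true);
    }
    return true; // both settings empty: no filtering at all
}

// Values from the thread: the deny list quoted in the last reply, and the
// jpg/pdf-only allow list the original poster asked for.
$deny_default = 'php;php3;php4;php5;phtml;exe;pl;cgi;html;htm;js';
$allow_wanted = 'jpg;pdf';

// Constructed sample filenames.
$samples = ['photo.JPG', 'invoice.pdf', 'page.php', 'notes.txt', 'archive.zip', 'README'];

printf("%-14s %-12s %-12s\n", 'filename', 'deny-only', 'allow-list');
foreach ($samples as $name) {
    $by_deny  = check_upload_name($name, '', $deny_default);
    $by_allow = check_upload_name($name, $allow_wanted, $deny_default);
    printf("%-14s %-12s %-12s\n", $name,
        $by_deny ? 'accepted' : 'rejected',
        $by_allow ? 'accepted' : 'rejected');
}
```

Setting `UPLOAD_FILETYPE_ALLOW` to `jpg;pdf` in config.php corresponds to the allow-list column. The check reads only the final extension of the submitted filename, so it does not inspect the file's content.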