Prevented an unwanted file upload: PHPFusion 8 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Hi

I get this error message here Prevented an unwanted file upload attempt!
What should I do?

0 replies

Check here. I have the same problem and test these solutions.

0 replies

Falk

answered 12 Feb 2014 at 01:57 AM

Super Admin

If you have a really hard time with it one way is to disable this function from maincore.php
But best is to make sure all your files have proper MIME types set and gets validated.

Code Download source

// Checking file types of the uploaded file with known mime types list to prevent uploading unwanted files
if(isset($_FILES) && count($_FILES)) {
   require_once BASEDIR.'includes/mimetypes_include.php';
   $mime_types = mimeTypes();
   foreach($_FILES as $each) {
      if(isset($each['name']) && strlen($each['tmp_name'])) {
         $file_info = pathinfo($each['name']);
         $extension = $file_info['extension'];
         if(array_key_exists($extension, $mime_types)) {
            //An extension may have more than one mime type
            if(is_array($mime_types[$extension])) {
               //We should check each extension one by one
               $valid_mimetype = false;
               foreach($mime_types[$extension] as $each_mimetype) {
                  //If we have a match, we set the value to true and break the loop
                  if($each_mimetype==$each['type']) {
                     $valid_mimetype = true;
                     break;
                  }
               }

               if(!$valid_mimetype) {
                  die('Prevented an unwanted file upload attempt!');
               }
               unset($valid_mimetype);
            } else {
               if($mime_types[$extension]!=$each['type']) {
                  die('Prevented an unwanted file upload attempt!');
               }
            }
         } /*else { //Let's disable this for now
            //almost impossible with provided array, but we throw an error anyways
            die('Unknown file type');
         }*/
         unset($file_info,$extension);
      }
   }
   unset($mime_types);
}

0 replies

Hello ok but how do I turn off this.

0 replies

Comment out them will be the quickest way and you could suffer consequences of bad uploads k. Just a word of caution.

Place // in front of every die() like this

//die(...

0 replies

Hi, i have the same problem that users can't upload png or pdf or even jpg without getting the message that the attached file type isnt allowed. (and those files types are allowed in the settings).

So i will have to"outcomment" those die lines too with //

But question:
Isn't this a security risk or what could happen then in worst case?

Thanks

0 replies

Falk

answered 12 Feb 2014 at 01:52 PM

Super Admin

Read the thread mentioned here :https://www.php-fusion.co.uk/forum/viewthread.php?thread_id=32886&rowstart=40#post_187123 for further questions.

LOCKED ( We do not need the same discussions in multiple threads ).

Edited by N/A on 02-08-2014 19:54, 10 y

0 replies

Category Forum

System Administration - 8

Labels

None yet

Statistics

Views 0 views
Posts 6 posts
Votes 0 votes
Topic users 5 members

5 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Prevented an unwanted file upload

6 posts

PHPFusion

Resources

Community

Development