Welcome, Guest
Username: Password: Remember me
Forgot your password? Forgot your username? Create an account
Forum
Debug
Closed tickets.
[FIXED] SECURITY: Missing index.html, on subfolders' path
  • Page:
  • 1

TOPIC:

SECURITY: Missing index.html, on subfolders' path 16 Sep 2013 11:06 #11103

In the case of a dynamic upload folder for a file, the default index.html is not checked on each subfolder of the path. it's only checked in the root file field folder.

1st example
field: image
rename filename rule: {BASE}.{EXT}

jcook-component behaviour:
if the "upload_dir_view_image" doesn't exist, it's created and the file index.html is created as well.
Everything is fine here.


2nd example
field: image
rename filename rule: mywhateverfolder/{ID}/{BASE}.{EXT}

jcook-component behaviour:
see behaviour 1st example. nothing changes.
the files are correctly uploaded into the folder: upload_dir_view_image/mywhateverfolder/{ID}/{BASE}.{EXT}

but ONLY the root folder (upload_dir_view_image) will have the index.html


fix:
modify the function process() in the file ROOT\administrator\components\com_component\classes\file\upload.php
	public function process()
	{
		$fileDest = $this->uploadFolder . $this->file->filename;
		
/* hack */
		$basedir = dirname($this->file->filename);
		
		if($basedir != '.'){
			$rootUploadFolder = $this->uploadFolder;
			while($basedir != '.'){
				$this->setUploadFolder($rootUploadFolder . $basedir);
				$basedir = dirname($basedir);
			}
			$this->uploadFolder = $rootUploadFolder;
		}
/* hack */

		if ( !move_uploaded_file($this->file->tmp, $fileDest))
			if(!JFile::upload($this->file->tmp, $fileDest))
				return false;

		//Protect file against execution
		@chmod($fileDest, JSHOP_UPLOAD_CHMOD_FILE);

		return true;
	}
The following user(s) said Thank You: admin

Please Log in or Create an account to join the conversation.

SECURITY: Missing index.html, on subfolders' path 23 Sep 2013 17:49 #11153

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Administrator
  • Chef
  • Posts: 3711
  • Thank you received: 986
Fixed since 2.6 :
www.j-cook.pro/index.php/docs/versions/121-2-6
Coding is now a piece of cake

Please Log in or Create an account to join the conversation.
  • Page:
  • 1
Forum
Debug
Closed tickets.
[FIXED] SECURITY: Missing index.html, on subfolders' path
Time to create page: 0.075 seconds

Freakin' Awesome!!! J-Cook is simply awesome - whether you're a highly experienced developer or complete novice whether you're building a small inventory component or a complete community solution! The beauty comes from a fast slick and reliable platform that readily provides developers with everything they'll need to build the backbone of a solid and secure component with wizards for authoring access publishing aliasing created/modified by dates... you name it COOK provides it! J-Cook really surpasses all of the 'competition' as far as MVC tools are concerned! Try love it and get cooking!
learnthrusong (JED)
          

Get Started

Log In Sign In