Welcome, Guest
Username: Password: Remember me
Forgot your password? Forgot your username? Create an account
Forum
Debug
Closed tickets.
[FIXED] SECURITY: Missing index.html, on subfolders' path
  • Page:
  • 1

TOPIC:

SECURITY: Missing index.html, on subfolders' path 16 Sep 2013 11:06 #11103

In the case of a dynamic upload folder for a file, the default index.html is not checked on each subfolder of the path. it's only checked in the root file field folder.

1st example
field: image
rename filename rule: {BASE}.{EXT}

jcook-component behaviour:
if the "upload_dir_view_image" doesn't exist, it's created and the file index.html is created as well.
Everything is fine here.


2nd example
field: image
rename filename rule: mywhateverfolder/{ID}/{BASE}.{EXT}

jcook-component behaviour:
see behaviour 1st example. nothing changes.
the files are correctly uploaded into the folder: upload_dir_view_image/mywhateverfolder/{ID}/{BASE}.{EXT}

but ONLY the root folder (upload_dir_view_image) will have the index.html


fix:
modify the function process() in the file ROOT\administrator\components\com_component\classes\file\upload.php
	public function process()
	{
		$fileDest = $this->uploadFolder . $this->file->filename;
		
/* hack */
		$basedir = dirname($this->file->filename);
		
		if($basedir != '.'){
			$rootUploadFolder = $this->uploadFolder;
			while($basedir != '.'){
				$this->setUploadFolder($rootUploadFolder . $basedir);
				$basedir = dirname($basedir);
			}
			$this->uploadFolder = $rootUploadFolder;
		}
/* hack */

		if ( !move_uploaded_file($this->file->tmp, $fileDest))
			if(!JFile::upload($this->file->tmp, $fileDest))
				return false;

		//Protect file against execution
		@chmod($fileDest, JSHOP_UPLOAD_CHMOD_FILE);

		return true;
	}
The following user(s) said Thank You: admin

Please Log in or Create an account to join the conversation.

SECURITY: Missing index.html, on subfolders' path 23 Sep 2013 17:49 #11153

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Administrator
  • Chef
  • Posts: 3711
  • Thank you received: 986
Fixed since 2.6 :
www.j-cook.pro/index.php/docs/versions/121-2-6
Coding is now a piece of cake

Please Log in or Create an account to join the conversation.
  • Page:
  • 1
Forum
Debug
Closed tickets.
[FIXED] SECURITY: Missing index.html, on subfolders' path
Time to create page: 0.056 seconds

I jumped and started to work on a demo component... but 2 days later this demo component became the real component. I just showed today the end result to my customer and he turned to me and said... "this is more than I expected"... All of this is because Cook did cut about 70% of my work and provided me more ways to improve the usability of the component. The end result was 17 tables all related between than to generate a full dashboard for the travel agents. Thanks for Cook developers for such great tool. This component would not be possible to be done at short time with all the features in it
Griiettner (Forum)  

Get Started

Log In Sign In