Support » Plugin: Upload Widget » Allows ALL files incl. exe

  • no matter what you do *.jpg or what ever, still allows .exe and all other danger files to upload

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author monpelaud

    (@monpelaud)

    Hi,
    Do you mean that when you allow only *.jg you can upload *.exe files ?
    Please can you explain me how you do ?

    Best regards

    There is not much to explain. I type in the allowed files, basicly only pictures file like *.jpg,*.png, and so on.
    It did work for a few days and then suddenly all files where allowed and no settings where changed in the widget. I never touched any code.
    So if somebody went to select, a popup browser from their computer showup and normally it just shows the pictures file also at the bottom no additional options. Well it just changed, and all files where visible and uploadable.
    That is all I can say, so I of course stop using it (to dangerous).
    I even deleted it and re-installed , but same results.
    I now use FTP-upload, towards a special folder, which is unreachable for everybody after upload only me on my private server. The folder is outside of any domain. Only my direct ftp access can access it.

    Regards, Ron

    Hopefully this old topic is not closed.
    ronthal:
    “…no settings were changed in the widget.”

    Ok, so you are using a widget. Could you specify which one?

    Also, Where do you “type in the allowed files…”?

    I’m having a similar problem. I can upload a zip file as far as it doesn’t contain a .exe inside. I want to remove it after upload, or just to skip it from unzipping, but it doesn’t even get to the end of the unzip process.

    When I do a var_dump for get_allowed_mime_types() I can see application/exe in there but still the unzipping process stops, no errors.

    Did you find out something I can use?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Allows ALL files incl. exe’ is closed to new replies.