.exe files

theprogeekftw4717 · Mar 29, 2015

Well, we all know what you're meaning by that.
The only way to stop it is allowing all file types except .exe or let people upload it and just ignore them.

theprogeekftw4717 · Mar 29, 2015

Well, we get 1000s of them everyday and we cannot block them because there are legit .exe files like softwares etc..
But if you really need to do it, you'll have to edit the core files of the script to totally block it. I guess ysmods can help you with this.

ysmods · Mar 29, 2015

I'll need a couple of rows of the offending files from the database to be able to view the file type, file sizes (in bytes) to be able to do anything

ysmods · Mar 29, 2015

I have a working version which stops uploads of a particular filetype and between certain sizes (ie: will block if bigger than 143kb and smaller than 145kb, but will allow all other file types and sizes to upload).

theprogeekftw4717 · Mar 29, 2015

Here you come with another life saving help!

ysmods · Mar 29, 2015

Only 4 lines of code lol

I just need a couple of rows from the DB so I can set the file sizes and file type so I can tell you how to do it

Just an example using putty.exe as a test file.

Home page upload

Account Home upload

theprogeekftw4717 · Mar 29, 2015

Now gimme some of that code of yours you cheeky

ysmods · Mar 29, 2015

Download, backup and open /core/includes/uploader.class.php

Find:

Code:

if (!$fileUpload->error && $fileUpload->name)
{
	$fileUpload = $this->moveIntoStorage($fileUpload, $uploadedFile);
}

Add BEFORE

Code:

// Edit the 3 options in the line below within the single quotes '' to prevent file uploads
if($fileUpload->type == 'application/x-msdownload' && $fileUpload->size >= '454650' && $fileUpload->size <= '454660')
{
	$fileUpload->error = t('classuploader_kill_upload_error', 'The file you are uploading is not allowed to be uploaded to this site.');
}

$fileUpload->type == '' is the file mime type (not extension)
$fileUpload->size >= '' is the minimum file size in bytes that it checks.
$fileUpload->size <= '' is the maximum filesize in bytes that it checks.

ysmods · Mar 30, 2015

If you want to block multiple file mimetypes, you can do so by doing the following

Run this MySQL Query.

Code:

INSERT INTO site_config VALUES
(null, 'blocked_filetypes', '', 'The file mimetypes that are not allowed to be uploaded. (eg: image/jpeg will block all .jpg images). Separate items with a comma, without spaces.', '', 'string', 'File Uploads');

Open /core/includes/uploader.class.php
Find:

Code:

if (!$fileUpload->error && $fileUpload->name)
{
	$fileUpload = $this->moveIntoStorage($fileUpload, $uploadedFile);
}

Add ABOVE (If the file is below the code above, the file will upload as normal).

Code:

$blocked = explode(',', preg_replace('/\s+/', '', SITE_CONFIG_BLOCKED_FILETYPES));
if(!empty($blocked))
{
	foreach($blocked as $filetypes)
	{
		if($fileUpload->type == $filetypes)
		{
			$fileUpload->error = t('classuploader_kill_upload_error', 'The file you are uploading is not allowed to be uploaded to this site.');
		}			
	}
}

Mimetypes can be found here: http://www.sitepoint.com/web-foundations/mime-types-complete-list/

ysmods · Mar 30, 2015

Download, backup and open /core/includes/uploader.class.php

Find:

Code:

if (!$fileUpload->error && $fileUpload->name)
{
	$fileUpload = $this->moveIntoStorage($fileUpload, $uploadedFile);
}

Add BEFORE

Code:

// Edit the 3 options in the line below within the single quotes '' to prevent file uploads
if($fileUpload->type == 'application/x-msdownload' && $fileUpload->size <= '160000')
{
	$fileUpload->error = t('classuploader_kill_upload_error', 'The file you are uploading is not allowed to be uploaded to this site.');
}

ysmods · Apr 5, 2015

Your code is wrong because it works for me.

This code I can't see in the screenshot

Code:

if (!$fileUpload->error && $fileUpload->name)
{
	$fileUpload = $this->moveIntoStorage($fileUpload, $uploadedFile);
}

It should be

Code:

$fileUpload->error = $this->hasError($uploadedFile, $fileUpload, $error);
if (!$fileUpload->error)
{
	if (strlen(trim($fileUpload->name)) == 0)
	{
		$fileUpload->error = t('classuploader_filename_not_found', 'Filename not found.');
	}
}
elseif ((intval($size) == 0) && ($this->options['fail_zero_bytes'] == true))
{
	$fileUpload->error = t('classuploader_file_received_has_zero_size', 'File received has zero size. This is likely an issue with the maximum permitted size within PHP');
}
elseif (intval($size) > $this->options['max_file_size'])
{
	$fileUpload->error = t('classuploader_file_received_larger_than_permitted', 'File received is larger than permitted. (max [[[MAX_FILESIZE]]])', array('MAX_FILESIZE' => coreFunctions::formatSize($this->options['max_file_size'])));
}

// Edit the 3 options in the line below within the single quotes '' to prevent file uploads
if($fileUpload->type == 'application/x-msdownload' && $fileUpload->size <= '160000')
{
   $fileUpload->error = t('classuploader_kill_upload_error', 'The file you are uploading is not allowed to be uploaded to this site.');
}		

if (!$fileUpload->error && $fileUpload->name)
{
	$fileUpload = $this->moveIntoStorage($fileUpload, $uploadedFile);
}

// no error, add success html
if ($fileUpload->error === null)
{
	$fileUpload->success_result_html = self::generateSuccessHtml($fileUpload);
}
else
{
	$fileUpload->error_result_html = self::generateErrorHtml($fileUpload);
}

The code I provided MUST go before

Code:

if (!$fileUpload->error && $fileUpload->name)
{
	$fileUpload = $this->moveIntoStorage($fileUpload, $uploadedFile);
}

ysmods · Apr 5, 2015

PM Sent

ysmods · Apr 6, 2015

You wanted max of 150kb so I set it to 160kb

Change the 160000 to 170000 or 180000 on line 214 which will stop files smaller than 170kb or 180kb

.exe files

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member