PDFs (And other files) dont upload in Joomla 3.7.1 #16086
Comments
Please check the allowed MIME types as we now force to check on that. |
I have application/pdf listed in the allowed MIME types. I could upload pdfs just fine before I upgraded to 7.1 |
Please try your file against this checker: http://mime.ritey.com/ and tell us the result. |
File results The MIME type for your file is: application/pdf |
Do you not get that error when you try to upload pdfs zero? |
Having same issue with pdf files - checked all the settings ...only way i was able to get it to upload a pdf through Media Manager was Joomla was updated this morning and issue started. This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16086. |
systeminfo-2017-05-17T15-52-33+00-00.txt |
Please add |
Removed the pdf from ignored extensions - added application/octet-stream - tested uploading a pdf through Media Manager - Success! |
File results |
OK, found the problem. It is about the ordering of the options to check. We should first check here: https://github.com/joomla/joomla-cms/blob/staging/libraries/cms/helper/media.php#L81 and then the other. Or implement some kind of checks for I can do a PR when I'm back at home. |
Questions: Why would adding the "application/octet-stream" to Legal MIME Types affect pdf upload in Media Manager since "application/pdf" was allowed already and is there a Security Risk adding "application/octet-stream" to the Legal MIME Types? |
Thanks Zero and Phil |
@tpaljr63 actually is not Joomla but the server (apache I guess) that is missing some vital info (mimes): http://stackoverflow.com/questions/13847234/apache2-server-mime-types |
sadly not http://php.net/manual/en/function.exif-imagetype.php can only detect image mimes. So it fails on PDF files or similar and return the |
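The detection-order problem discussed in this thread, as an added example (not Joomla's code and not written by any commenter): an image-only probe reports a non-image file such as a PDF as application/octet-stream, while a content-based probe tried first identifies it, so the allowlist never needs to contain application/octet-stream. The function names, the allowlist and the two sample files are constructed assumptions; the content-based path assumes the PHP fileinfo extension is loaded.

```php
<?php
// Added example. detectMimeImageOnly(), detectMime() and isUploadAllowed()
// are hypothetical names, not part of Joomla.

/** Image-only probe: anything that is not an image falls back to octet-stream. */
function detectMimeImageOnly(string $path): string
{
    $info = @getimagesize($path);   // false when the file is not a recognised image
    return $info === false ? 'application/octet-stream' : $info['mime'];
}

/** Content-based probe first (works for any file type), image probe as last resort. */
function detectMime(string $path): string
{
    if (class_exists('finfo')) {
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
        if (is_string($mime) && $mime !== '') {
            return $mime;
        }
    }
    return detectMimeImageOnly($path);
}

/** Extension and detected MIME type must match the same allowlist entry. */
function isUploadAllowed(string $path, string $name, array $allowed): bool
{
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $mime = detectMime($path);
    // octet-stream is deliberately not listed, so an unidentifiable file fails closed
    return isset($allowed[$ext]) && in_array($mime, $allowed[$ext], true);
}

// Constructed allowlist and constructed sample uploads
$allowed = ['pdf' => ['application/pdf'], 'png' => ['image/png']];
$samples = [
    'report.pdf'  => "%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n",
    'invoice.pdf' => "<?php echo 'not a pdf'; ?>\n",   // wrong content behind a .pdf name
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    printf("%-12s image-only=%-25s content-based=%-16s allowed=%s\n",
        $name, detectMimeImageOnly($tmp), detectMime($tmp),
        var_export(isUploadAllowed($tmp, $name, $allowed), true));
    unlink($tmp);
}
```

With only the image probe, both files look identical (application/octet-stream), which is why allowlisting that type to get PDFs through also lets the mislabelled file through.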
Sorry for my ignorance...what is the solution? Do I have to add
application/octet-stream to all my websites or will there be a Joomla
update to fix this?
Eric Schuster
Fresh Look Web Design
757.646.7908
[email protected]
www.freshlookwebdesign.com
…On Wed, May 17, 2017 at 1:11 PM, zero-24 ***@***.***> wrote:
actually is not Joomla but the server (apache I guess) that is missing
some vital info (mimes):
sadly not http://php.net/manual/en/function.exif-imagetype.php can only
detect image mimes. So it fails on PDF files or similar and return the
application/octet-stream.
|
Thanks guys. With this bug, is it wise for me to delay upgrading all 60+ of
my websites to 7.1? Could I just wait for 3.7.2?
…On Wed, May 17, 2017 at 2:20 PM, Phil Taylor ***@***.***> wrote:
This will be looked at, and then a Pull Request made to fix this
behaviour, and that, if tested, will make it into Joomla 3.7.2
|
If you can risk getting hacked, feel free to delay upgrading to 3.7.1 😈 |
Please check: #16091 and sorry for any inconvenience |
What just helped me with other uploads after 3.7.1.: Administrator > Content > Media > Options > Check MIME Types > No |
Sure you disable all security checks but it would help if you could check the patch. At #16091 that should fix the issue. Thanks |
THANKS! |
Did you test the patch? What was the result? |
No, I did not, too complex for me, I am afraid. Just thank you for explaining that my "fix" is dangerous. :-) Switching Check MIME Types > Yes. Cannot wait for new update. |
Got it, switching back to Yes :-) |
I just tested the patch (3 files in #16091), and I can confirm a successful upload (jpg, png, pdf). |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/16086 |
closed as having PR #16091 |
I am still having issues with this. Have updated to 3.72 running php 7.0.15. |
OK, now we are more than a year further in time, and still this problem is there. I have Joomla! 3.8.6 and can't upload a PDF. I have added application/octet-stream and even set the check mimetype to NO, but still the media manager keeps saying that it's a wrong image. Is there another solution? |
I have arrived here with the same problem, I can confirm @edthenet's assertion that adding application/octet-stream doesn't solve the issue. |
I have no idea how the Joomla developers consider this CLOSED. But I can tell you a workaround acceptable to some non-technical content contributors: If you use JCE, you can use the LINK editor function, which allows you to browse and upload a PDF to the very same area that was determined "illegal". Go figure. Hopefully they won't take this away. :D |
yes as you said there is the topic of
but the problem of @uglyeoin and @goforitweb
Uploaded files are always treated as text even if they are binary etc.
The larger the file is, the bigger chance you have of having a false positive.
public static function upload($src, $dest, $use_streams = false, $allow_unsafe = false, $safeFileOptions = array())
and JCE runs with $allow_unsafe = true
if (JFile::upload($src, $dest, $use_streams = false, $allow_unsafe = false)) {
Relevant issues
zips are not uncompressed but still they are scanned as text files |
“This was closed as there is nothing else to fix in Joomla.” -- @PhilETaylor I respectfully disagree. An application developer's job is to provide a solution – whether it be Media Manager or something else – as a means of uploading PDFs … unless you are saying that you are completely against PDFs being on a website at all. And if that’s the case, SAY IT! And while you're at it - tell people what content contributors should use as a document object/method instead. You're not leaving us with a solution or guidance. The threads here are read by few, and it's way down in the weeds. Obviously JCE goes around Joomla’s methods because people wanted a way, and Joomla wanted us to be safe. While it may not be ideal, and may be true, JCE is a lot closer to a user-friendly method. |
Nobody's saying that. What is being said is that Joomla must be explicitly configured to support PDF uploads for various reasons and that we are not enabling this out-of-the-box. Extensions may be bypassing the Joomla upload checks, which is fine if they are doing their own checks. That's all it boils down to. The absolute safest file upload method is to send the file to an authorized individual to perform a rudimentary virus scan and FTP upload. As a security measure, Joomla does not just arbitrarily allow any user to upload any file, there are checks in place to try and safely limit what kinds of files can be uploaded through the application since it cannot do an in-depth file scan like an offline scanner would to ensure you aren't uploading something malicious. |
So I'm telling my non-technical content contributors (the clients!) to "send the file to an authorized individual (me??) to perform a rudimentary virus scan and FTP upload?" Exactly how do I do that with a straight face? 🗡️ |
I said that's the safest, not that it would be the best option for everyone. File uploads are an inherent security risk in any application and if you're supporting them generally there should be explicit configuration about who can do them and what types of files are allowed (with appropriate server side checks before processing the upload). All I can do is say why we have our code set up in the way we do and why extensions which bypass those checks or other CMS' which don't make checks at all might be problematic down the road (not to say that any Joomla extension which bypasses the core upload processing is unsafe, they can be performing their own checks separately, I don't know the code of every extension and can't speak on it without proper audits). |
I understand your point of view, i.e. of the developer. I really do. I used to be one many moons ago. :D But you also know that DropBox still has ~45% of the market share with its shoddy security despite losing massive amounts to its competitors. I won't even mention WP. Oops! I think the happy medium here is to provide visible guidance (possibly in the Media Manager?) where content contributors learn and decide which route they want to take. Leaving it up to the front line support people to do the unenviable task of explaining the almost-unexplainable is Chicken $hit. We're your promoters! Why hang us? Show the right way. Design a real solution and then market the difference! |
I added one more solution #20968 |
Placeholder issue to catch trending issues with Joomla 3.7.1 & incoming reports with regards to uploading issues due to new mime checks
If you are having an issue with PDFs (And other files) not uploading in Joomla 3.7.1 DONT start a new issue, post here,
Please provide a FULL file of your system information from the system information page of Joomla admin (Download as text)