Joomla! Discussion Forums



Posted: Wed Aug 30, 2006 8:59 am 
Joomla! Explorer

Joined: Mon Sep 05, 2005 11:21 am
Posts: 337
Location: Nis, Serbia
Description:
When writing a new article, can't upload images. Popup returns a "no authorisation" text.

Reported on:
1.0.11

Classification:
High, because now authors that don't have FTP access can't post articles.

System info:
PHP built On:  Linux vps.pcigre.com 2.6.9-022stab078.14-enterprise #1 SMP Wed Jul 19 14:35:02 MSD 2006 i686
Database Version: 4.1.21-standard
PHP Version: 4.4.4
Web Server: Apache
WebServer to PHP interface: apache2handler
Joomla! Version: Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

_________________
http://www.pcigre.com -> game community


Last edited by Robin on Fri Sep 08, 2006 10:41 am, edited 1 time in total.

Posted: Wed Aug 30, 2006 9:12 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 11691
Location: **Translation Matters**
I confirm you have first to apply the changes i.e. create the content item first.
Upload then works OK.

There is a known bug for banners uploading.
http://forum.joomla.org/index.php/topic,90039.0.html

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +1
Qui vult dare parva non debet magna rogare.
---------------------------------
Joomla! Translation Coordination Team


Posted: Wed Aug 30, 2006 9:21 am
Joomla! Explorer

Joined: Mon Sep 05, 2005 11:21 am
Posts: 337
Location: Nis, Serbia
It works when content is saved... Now I need to create an announcement to all authors about this...

Thanks for the hint.

_________________
http://www.pcigre.com -> game community


Posted: Wed Aug 30, 2006 9:36 am
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 11691
Location: **Translation Matters**
http://forum.joomla.org/index.php/topic ... #msg457639

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +1
Qui vult dare parva non debet magna rogare.
---------------------------------
Joomla! Translation Coordination Team


Posted: Wed Aug 30, 2006 12:03 pm
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
[TAGGED: Q&T] Status > Under Review

_________________
Regards Robin


Posted: Thu Aug 31, 2006 12:31 pm
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Confirmed and added a bug tracker report: http://forge.joomla.org/sf/go/artf5780?nav=1

_________________
Regards Robin


Posted: Thu Aug 31, 2006 3:09 pm
Joomla! Apprentice

Joined: Thu Aug 18, 2005 9:02 pm
Posts: 20
Location: Country of FREEDOM
Hi!

What is the reason to make the admin first save the content item, and only then upload images?

Here are a few issues:

1. There is a check for option and task from $_SESSION. So if you have an already saved content item open in one window, and next you open some component in another window (to copy and paste information, for example), it seems that we'll get two problems at a time:
  a. the wrong option and task! (do we need the check, if we get the wrong result?)
  b. if the task of the last opened component is not 'edit' and is not 'editA', the user will get the error "You are not authorized to view this resource."

2. The message "You are not authorized to view this resource." is confusing users, as they are either used to uploading and never got this message, or they have admin or superadmin status and ARE authorized for such a task.

3. If another component is using the STANDARD Joomla! function to upload files, the user will get the error "You are not authorized to view this resource." The only way to fix it is to edit uploadimage.php (after every update?).


It's not a bug. It's just something new and is not usable at all.

It seems to me that if, for example, you add an option to the Global Configuration, like 'allow users to upload files from non-system components', or something like that, and check for the usertype, the solution will be much more useful.

_________________
Jewish Wedding


Posted: Thu Aug 31, 2006 3:10 pm
Joomla! Explorer

Joined: Mon Sep 05, 2005 11:21 am
Posts: 337
Location: Nis, Serbia
It looks like it's fixed in SVN. Can someone post the changes in the files?

_________________
http://www.pcigre.com -> game community


Posted: Thu Aug 31, 2006 3:14 pm
Joomla! Apprentice

Joined: Thu Aug 18, 2005 9:02 pm
Posts: 20
Location: Country of FREEDOM
Here is the code, last changed around 10 minutes ago.

# Fixed [artf5780] : lack of 'new' task in allowed tasks check
# Fixed [artf5779] : lack of 'com_typedcontent' option in allowed options check
# Fixed [art5766] : Bannerupload failt




Code:
<?php
/**
* @version $Id$
* @package Joomla
* @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/

// Set flag that this is a parent file
define( "_VALID_MOS", 1 );

/** security check */
require( '../includes/auth.php' );
include_once ( $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php' );

/*
* Stops file upload below /images/stories directory
* Added 1.0.11
*/
function limitDirectory( &$directory ) {
   if ( strpos($directory, '../') !== false ) {
      $directory = str_replace('../', '', $directory);
   }

   if ( strpos($directory, '..\\') !== false ) {
      $directory = str_replace('..\\', '', $directory);
   }
   
   if ( strpos($directory, ':') !== false ) {
      $directory = str_replace(':', '', $directory);
   }
   
   return $directory;
}

// limit access to functionality
$option = strval( mosGetParam( $_SESSION, 'option', '' ) );
$task    = strval( mosGetParam( $_SESSION, 'task', '' ) );

switch ($option) {
   case 'com_banners':
      break;      
      
   case 'com_categories':
   case 'com_content':
   case 'com_sections':
   case 'com_typedcontent':
      if ( $task != 'edit' && $task != 'editA' && $task != 'new' ) {
         echo _NOT_AUTH;
         return;
      }
      break;      
      
   default:
      echo _NOT_AUTH;
      return;
      break;      
}

$directory   = mosGetParam( $_REQUEST, 'directory', '');
$css       = mosGetParam( $_REQUEST, 't','');

$media_path   = $mosConfig_absolute_path.'/media/';

$userfile2      = (isset($_FILES['userfile']['tmp_name']) ? $_FILES['userfile']['tmp_name'] : "");
$userfile_name   = (isset($_FILES['userfile']['name']) ? $_FILES['userfile']['name'] : "");

limitDirectory( $directory );

// check to see if directory exists
if ( $directory != 'banners' && $directory != '' && !is_dir($mosConfig_absolute_path .'/images/stories/'. $directory)) {
   $directory    = '';
}
   
if (isset($_FILES['userfile'])) {
   if ($directory == 'banners') {
      $base_Dir = "../../images/banners/";
   } else if ( $directory != '' ) {
      $base_Dir = '../../images/stories/'. $directory;

      if (!is_dir($mosConfig_absolute_path .'/images/stories/'. $directory)) {
         $base_Dir    = '../../images/stories/';
         $directory    = '';
      }
   } else {
      $base_Dir = '../../images/stories/';
   }

   if (empty($userfile_name)) {
      echo "<script>alert('Please select an image to upload'); document.location.href='uploadimage.php';</script>";
   }

   $filename = split("\.", $userfile_name);

   if (eregi("[^0-9a-zA-Z_]", $filename[0])) {
      mosErrorAlert('File must only contain alphanumeric characters and no spaces please.');
   }

   if (file_exists($base_Dir.$userfile_name)) {
      mosErrorAlert('Image '.$userfile_name.' already exists.');
   }

   if ((strcasecmp(substr($userfile_name,-4),'.gif')) && (strcasecmp(substr($userfile_name,-4),'.jpg')) && (strcasecmp(substr($userfile_name,-4),'.png')) && (strcasecmp(substr($userfile_name,-4),'.bmp')) &&(strcasecmp(substr($userfile_name,-4),'.doc')) && (strcasecmp(substr($userfile_name,-4),'.xls')) && (strcasecmp(substr($userfile_name,-4),'.ppt')) && (strcasecmp(substr($userfile_name,-4),'.swf')) && (strcasecmp(substr($userfile_name,-4),'.pdf'))) {
      mosErrorAlert('The file must be gif, png, jpg, bmp, swf, doc, xls or ppt');
   }


   if (eregi('.pdf', $userfile_name) || eregi('.doc', $userfile_name) || eregi('.xls', $userfile_name) || eregi('.ppt', $userfile_name)) {
      if (!move_uploaded_file ($_FILES['userfile']['tmp_name'],$media_path.$_FILES['userfile']['name']) || !mosChmod($media_path.$_FILES['userfile']['name'])) {
         mosErrorAlert('Upload of '.$userfile_name.' failed');
      } else {
         mosErrorAlert('Upload of '.$userfile_name.' to '.$base_Dir.' successful', "window.close()");
      }
   } elseif (!move_uploaded_file ($_FILES['userfile']['tmp_name'],$base_Dir.$_FILES['userfile']['name']) || !mosChmod($base_Dir.$_FILES['userfile']['name'])) {
      mosErrorAlert('Upload of '.$userfile_name.' failed');
   } else {
      mosErrorAlert('Upload of '.$userfile_name.' to '.$base_Dir.' successful', "window.close()");
   }
      echo $base_Dir.$_FILES['userfile']['name'];
}

// css file handling
// check to see if template exists
if ( $css != '' && !is_dir($mosConfig_absolute_path .'/administrator/templates/'. $css .'/css/template_css.css' )) {
   $css    = 'joomla_admin';
} else if ( $css == '' ) {
   $css    = 'joomla_admin';
}

$iso = split( '=', _ISO );
// xml prolog
echo '<?xml version="1.0" encoding="'. $iso[1] .'"?' .'>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Upload a file</title>
</head>
<body>

<link rel="stylesheet" href="../templates/<?php echo $css; ?>/css/template_css.css" type="text/css" />
<form method="post" action="uploadimage.php" enctype="multipart/form-data" name="filename">

<table class="adminform">
<tr>
   <th class="title">
      File Upload : <?php echo $directory; ?>
   </th>
</tr>
<tr>
   <td align="center">
      <input class="inputbox" name="userfile" type="file" />
   </td>
</tr>
<tr>
   <td>
      <input class="button" type="submit" value="Upload" name="fileupload" />
      Max size = <?php echo ini_get( 'post_max_size' );?>
   </td>
</tr>
</table>

<input type="hidden" name="directory" value="<?php echo $directory;?>" />
</form>

</body>
</html>

_________________
Jewish Wedding


Posted: Thu Aug 31, 2006 3:29 pm
Joomla! Ace

Joined: Wed Aug 17, 2005 10:12 pm
Posts: 1686
Location: Germany-Bad Abbach
Fixed in SVN

_________________
The "Humor, Fun and Games" forum has  more than 2500 Posts, so why not build a "Humor, Fun and Games Working" Group?
.....
Malicious tongues say we have this WG right from the start, they call it core team :D


Posted: Thu Aug 31, 2006 3:35 pm
Joomla! Apprentice

Joined: Thu Aug 18, 2005 9:02 pm
Posts: 20
Location: Country of FREEDOM
Thanks to Predator and to facedancer for the fast bugfixing; I've checked on one of my websites and didn't get the error message.

But still there are the same issues:
Shimon wrote:
1. There is a check for option and task from $_SESSION. So if you have an already saved content item open in one window, and next you open some component in another window (to copy and paste information, for example), it seems that we'll get two problems at a time:
  a. the wrong option and task! (do we need the check, if we get the wrong result?)
  b. if the task of the last opened component is not 'edit' and is not 'editA', the user will get the error "You are not authorized to view this resource."

2. The message "You are not authorized to view this resource." is confusing users, as they are either used to uploading and never got this message, or they have admin or superadmin status and ARE authorized for such a task.

3. If another component is using the STANDARD Joomla! function to upload files, the user will get the error "You are not authorized to view this resource." The only way to fix it is to edit uploadimage.php (after every update?).


Also, could you give the admin the ability to change in the preferences which directories are not allowed to upload to? For example, I have a component uploading images to images/tiles, so I'm using the path ../tiles, and I had to comment out the part of the code which checks for '../' in the upload path.

And one more thing, which seems to be a vulnerability.
If you are logged in on the frontend and editing content, you are working with the component com_content, the same as in the backend, with the same task 'edit', so uploadimage.php allows you to upload files from the frontend even if you are not logged in on the backend and even if your status is just 'Author'.
Code:
http://website.com/administrator/popups/uploadimage.php?directory=&t=joomla_admin

_________________
Jewish Wedding


Last edited by Shimon on Thu Aug 31, 2006 3:55 pm, edited 1 time in total.
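Shimon's two points, the gate deciding from the $_SESSION option/task of whatever page the browser opened last, and a frontend 'Author' session reaching the backend popup, both come down to the same design question: the check should be made on who the user is and on an explicit list of callers, not on browsing history. The following is an added example written for this thread, not Joomla's own code and not code posted by anyone here. The function names isUploadAllowed() and resolveUploadDirectory(), the component/task allow list and the usertype list are all assumptions (the usertype strings follow Joomla 1.0's group names). It also replaces the single-pass '../' stripping of limitDirectory() with a realpath() prefix check, which decides on the path the filesystem will actually use.

```php
<?php
// Added example, not Joomla's own code: an upload gate that decides from
// who the user is and an explicit component/task allow list, rather than
// from the $_SESSION option/task of whatever page the browser opened last.
// Assumptions: the function names, the allow lists and the usertype strings
// (taken from Joomla 1.0's group names) are all hypothetical.

// Which backend components may call the popup, and from which tasks.
$UPLOAD_ALLOW = array(
    'com_banners'      => array('edit', 'new'),
    'com_categories'   => array('edit', 'editA', 'new'),
    'com_content'      => array('edit', 'editA', 'new'),
    'com_sections'     => array('edit', 'editA', 'new'),
    'com_typedcontent' => array('edit', 'editA', 'new'),
);

// Account types that may write into the backend image folders. A frontend
// 'Author' is refused here even if its session carries option=com_content.
$UPLOAD_USERTYPES = array('Manager', 'Administrator', 'Super Administrator');

function isUploadAllowed($usertype, $option, $task, array $allow, array $usertypes) {
    if (!in_array($usertype, $usertypes, true)) {
        return false;               // wrong kind of account
    }
    if (!isset($allow[$option])) {
        return false;               // component not on the list (no "com_*" prefix match)
    }
    return in_array($task, $allow[$option], true);
}

// Resolve the requested sub-directory and require it to stay under $root.
// Canonicalising with realpath() replaces the single-pass str_replace of '../'
// in limitDirectory(): the decision is made on the path the filesystem will
// actually use, so no particular spelling of ".." has to be anticipated.
function resolveUploadDirectory($root, $directory) {
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return false;
    }
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $directory);
    if ($target === false || !is_dir($target)) {
        return false;
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;               // resolved outside the stories folder
    }
    return $target;
}

// Offline self-check with constructed inputs (run as: php this_file.php).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'stories_example';
if (!is_dir($root . DIRECTORY_SEPARATOR . 'gallery')) {
    mkdir($root . DIRECTORY_SEPARATOR . 'gallery', 0755, true);
}
$checks = array(
    'author via com_content/edit'   => isUploadAllowed('Author', 'com_content', 'edit', $UPLOAD_ALLOW, $UPLOAD_USERTYPES),
    'admin via com_content/new'     => isUploadAllowed('Administrator', 'com_content', 'new', $UPLOAD_ALLOW, $UPLOAD_USERTYPES),
    'admin via com_content/cancel'  => isUploadAllowed('Administrator', 'com_content', 'cancel', $UPLOAD_ALLOW, $UPLOAD_USERTYPES),
    'admin via com_artbanners/edit' => isUploadAllowed('Administrator', 'com_artbanners', 'edit', $UPLOAD_ALLOW, $UPLOAD_USERTYPES),
    'directory "gallery"'           => resolveUploadDirectory($root, 'gallery') !== false,
    'directory ""'                  => resolveUploadDirectory($root, '') !== false,
    'directory "../"'               => resolveUploadDirectory($root, '../') !== false,
);
foreach ($checks as $label => $allowed) {
    echo str_pad($label, 32) . ($allowed ? 'allowed' : 'refused') . PHP_EOL;
}
```

The allow list is the piece that would become the Global Configuration option Shimon proposes: a third-party component such as artbanners gets added to the list by the site administrator, rather than the gate being loosened to accept anything with a com_ prefix. The usertype test is what stops a frontend author session, because it looks at the account rather than at the component the session last visited.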

Posted: Thu Aug 31, 2006 4:11 pm
Joomla! Explorer

Joined: Mon Sep 05, 2005 11:21 am
Posts: 337
Location: Nis, Serbia
Upload in the backend now works fine. Thanks everyone.

edit: it would be nice if the Known issues 1.0.11 Sunbow topic were updated with links to the fixes.

_________________
http://www.pcigre.com -> game community


Posted: Thu Aug 31, 2006 8:21 pm
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Hi,

I will be updating all Q&T topics tomorrow. I will add fixes to the known issue list as well.

Regards Robin

_________________
Regards Robin


Posted: Sun Sep 03, 2006 5:49 am
Joomla! Apprentice

Joined: Thu Aug 18, 2005 9:02 pm
Posts: 20
Location: Country of FREEDOM
RobInk wrote:
Hi,

I will be updating all Q&T topics tomorrow. I will add fixes to the known issue list as well.

Regards Robin


Hi!

Is there any news? Any changes?

_________________
Jewish Wedding


Posted: Sun Sep 03, 2006 11:46 am
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Hi,

No news yet, I'm depending on the Devs to fix this ;) This file has been fixed already though, so you should be able to get it here:
http://forge.joomla.org/integration/vie ... 2&view=log

_________________
Regards Robin


Last edited by Robin on Sun Sep 03, 2006 11:49 am, edited 1 time in total.

Posted: Mon Sep 04, 2006 11:56 am
Joomla! Enthusiast

Joined: Thu Aug 25, 2005 8:20 pm
Posts: 143
Shimon wrote:
Here is the code, last changed around 10 minutes ago.

# Fixed [artf5780] : lack of 'new' task in allowed tasks check
# Fixed [artf5779] : lack of 'com_typedcontent' option in allowed options check
# Fixed [art5766] : Bannerupload failt

In which file is this supposed to go?

Ljv.


Posted: Mon Sep 04, 2006 1:26 pm
Joomla! Apprentice

Joined: Thu Aug 18, 2005 9:02 pm
Posts: 20
Location: Country of FREEDOM
lejovchina wrote:
In which file is this supposed to go?
In administrator/popups/uploadimage.php

_________________
Jewish Wedding


Posted: Wed Sep 06, 2006 3:28 pm
Joomla! Enthusiast

Joined: Fri Aug 19, 2005 3:02 am
Posts: 123
Location: Brazil
I detected that uploadimage.php is used in many other components (like artbanners), so this "default" in the "switch" is too specific.
I changed:
line 59 (now the request is accepted when it comes from any component):
Code:
default:
    // strpos() takes (haystack, needle); the arguments were reversed
    $opt = explode("_", $option);
    $pos = strpos($opt[0], "com");
    if($pos !== 0){ // refuse unless the option name starts with "com"
        echo _NOT_AUTH;
        return;
    }


line ~124:
Code:
} else {
    chmod($base_Dir.$_FILES['userfile']['name'], 0644); // correct the mode: in some cases the uploaded file ends up as 600
    mosErrorAlert('Upload of '.$userfile_name.' to '.$base_Dir.' successful', "window.close()");
}


Could someone validate my code?

_________________
Jorge Muneo Nakagawa
http://www.twitter.com/muneo


Posted: Wed Sep 06, 2006 3:44 pm
Joomla! Fledgling

Joined: Wed Sep 06, 2006 1:34 pm
Posts: 1
New addition to the "can't upload" and "restricted access" issue: I use a 3rd party plugin for an editor, wysiwygpro.com, and with all other versions uploading images within it, adding links, etc. was perfect. Whenever I use it now to try and upload an image, or create a link, the popup says "restricted access" --- help.


Posted: Wed Sep 06, 2006 9:48 pm
Joomla! Apprentice

Joined: Thu Jul 13, 2006 3:17 am
Posts: 19
Tried that, although I am not sure what to do. I assume you mean swap line 59 for the code you posted, but I'm not sure if you mean replace line 124 with the code you posted. Also, do I need to do anything else besides just replacing the code?
When I do the above I get this message:
Parse error: syntax error, unexpected $end in /home/oh/public_html/administrator/popups/uploadimage.php on line 175


Posted: Wed Sep 06, 2006 11:45 pm
Joomla! Enthusiast

Joined: Fri Aug 19, 2005 3:02 am
Posts: 123
Location: Brazil
I just added:
Code:
   chmod($base_Dir.$_FILES['userfile']['name'], 0644);

Because, in my case, the uploaded file has mode 600, so this line corrects the permission...
Well, this is my uploadimage.php:
Code:
<?php
/**
* @version $Id: uploadimage.php 4866 2006-08-31 15:02:22Z facedancer $
* @package Joomla
* @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/

// Set flag that this is a parent file
define( "_VALID_MOS", 1 );

/** security check */
require( '../includes/auth.php' );
include_once ( $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php' );

/*
* Stops file upload below /images/stories directory
* Added 1.0.11
*/
function limitDirectory( &$directory ) {
   if ( strpos($directory, '../') !== false ) {
      $directory = str_replace('../', '', $directory);
   }

   if ( strpos($directory, '..\\') !== false ) {
      $directory = str_replace('..\\', '', $directory);
   }
   
   if ( strpos($directory, ':') !== false ) {
      $directory = str_replace(':', '', $directory);
   }
   
   return $directory;
}

// limit access to functionality
$option = strval( mosGetParam( $_SESSION, 'option', '' ) );
$task    = strval( mosGetParam( $_SESSION, 'task', '' ) );

switch ($option) {
   case 'com_banners':
      break;      
      
   case 'com_categories':
   case 'com_content':
   case 'com_sections':
   case 'com_typedcontent':
      if ( $task != 'edit' && $task != 'editA' && $task != 'new' ) {
         echo _NOT_AUTH;
         return;
      }
      break;      
      
   default:
      // strpos() takes (haystack, needle); the arguments were reversed
      $opt = explode("_", $option);
      $pos = strpos($opt[0], "com");
      if($pos !== 0){
         echo _NOT_AUTH;
         return;
      }      
}

$directory   = mosGetParam( $_REQUEST, 'directory', '');
$css       = mosGetParam( $_REQUEST, 't','');

$media_path   = $mosConfig_absolute_path.'/media/';

$userfile2      = (isset($_FILES['userfile']['tmp_name']) ? $_FILES['userfile']['tmp_name'] : "");
$userfile_name   = (isset($_FILES['userfile']['name']) ? $_FILES['userfile']['name'] : "");

limitDirectory( $directory );

// check to see if directory exists
if ( $directory != 'banners' && $directory != '' && !is_dir($mosConfig_absolute_path .'/images/stories/'. $directory)) {
   $directory    = '';
}
   
if (isset($_FILES['userfile'])) {
   if ($directory == 'banners') {
      $base_Dir = "../../images/banners/";
   } else if ( $directory != '' ) {
      $base_Dir = '../../images/stories/'. $directory;

      if (!is_dir($mosConfig_absolute_path .'/images/stories/'. $directory)) {
         $base_Dir    = '../../images/stories/';
         $directory    = '';
      }
   } else {
      $base_Dir = '../../images/stories/';
   }

   if (empty($userfile_name)) {
      echo "<script>alert('Please select an image to upload'); document.location.href='uploadimage.php';</script>";
   }

   $filename = split("\.", $userfile_name);

   if (eregi("[^0-9a-zA-Z_]", $filename[0])) {
      mosErrorAlert('File must only contain alphanumeric characters and no spaces please.');
   }

   if (file_exists($base_Dir.$userfile_name)) {
      mosErrorAlert('Image '.$userfile_name.' already exists.');
   }

   if ((strcasecmp(substr($userfile_name,-4),'.gif')) && (strcasecmp(substr($userfile_name,-4),'.jpg')) && (strcasecmp(substr($userfile_name,-4),'.png')) && (strcasecmp(substr($userfile_name,-4),'.bmp')) &&(strcasecmp(substr($userfile_name,-4),'.doc')) && (strcasecmp(substr($userfile_name,-4),'.xls')) && (strcasecmp(substr($userfile_name,-4),'.ppt')) && (strcasecmp(substr($userfile_name,-4),'.swf')) && (strcasecmp(substr($userfile_name,-4),'.pdf'))) {
      mosErrorAlert('The file must be gif, png, jpg, bmp, swf, doc, xls or ppt');
   }


   if (eregi('.pdf', $userfile_name) || eregi('.doc', $userfile_name) || eregi('.xls', $userfile_name) || eregi('.ppt', $userfile_name)) {
      if (!move_uploaded_file ($_FILES['userfile']['tmp_name'],$media_path.$_FILES['userfile']['name']) || !mosChmod($media_path.$_FILES['userfile']['name'])) {
         mosErrorAlert('Upload of '.$userfile_name.' failed');
      } else {
         mosErrorAlert('Upload of '.$userfile_name.' to '.$base_Dir.' successful', "window.close()");
      }
   } elseif (!move_uploaded_file ($_FILES['userfile']['tmp_name'],$base_Dir.$_FILES['userfile']['name']) || !mosChmod($base_Dir.$_FILES['userfile']['name'])) {
      mosErrorAlert('Upload of '.$userfile_name.' failed');
   } else {
      chmod($base_Dir.$_FILES['userfile']['name'], 0644);
      mosErrorAlert('Upload of '.$userfile_name.' to '.$base_Dir.' successful', "window.close()");
   }
      echo $base_Dir.$_FILES['userfile']['name'];
}

// css file handling
// check to see if template exists
if ( $css != '' && !is_dir($mosConfig_absolute_path .'/administrator/templates/'. $css .'/css/template_css.css' )) {
   $css    = 'joomla_admin';
} else if ( $css == '' ) {
   $css    = 'joomla_admin';
}

$iso = split( '=', _ISO );
// xml prolog
echo '<?xml version="1.0" encoding="'. $iso[1] .'"?' .'>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Upload a file</title>
</head>
<body>

<link rel="stylesheet" href="../templates/<?php echo $css; ?>/css/template_css.css" type="text/css" />
<form method="post" action="uploadimage.php" enctype="multipart/form-data" name="filename">

<table class="adminform">
<tr>
   <th class="title">
      File Upload : <?php echo $directory; ?>
   </th>
</tr>
<tr>
   <td align="center">
      <input class="inputbox" name="userfile" type="file" />
   </td>
</tr>
<tr>
   <td>
      <input class="button" type="submit" value="Upload" name="fileupload" />
      Max size = <?php echo ini_get( 'post_max_size' );?>
   </td>
</tr>
</table>

<input type="hidden" name="directory" value="<?php echo $directory;?>" />
</form>

</body>
</html>

_________________
Jorge Muneo Nakagawa
http://www.twitter.com/muneo


Posted: Thu Sep 07, 2006 12:26 am
Joomla! Apprentice

Joined: Thu Jul 13, 2006 3:17 am
Posts: 19
That worked, thanks.
I set it to 777. Not sure if it should be 766, as no one else needs to upload images though.
The only problem is the images are not showing in the adbanners plus banners, but they are uploading into the Joomla banners folder.
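On the 777 versus 766 question in the post above: neither mode is needed for an uploaded image to be served, and both hand out bits that an image file should never carry (execute for 766 and 777, write for group and others in both). The chmod line Jorge added is the right idea; the added example below, which is not Joomla's code and not code from this thread, takes it one step further by setting a fixed mode and verifying it afterwards. The names storeUploadedFile() and verifyFileMode() are assumptions. move_uploaded_file() is what uploadimage.php uses, but it refuses files that did not arrive through an HTTP upload, so the offline self-check passes $fromHttpUpload = false and lets a plain rename() stand in.

```php
<?php
// Added example, not Joomla's code: store an uploaded file with an explicit,
// fixed mode and verify the mode afterwards. storeUploadedFile() and
// verifyFileMode() are assumed names.

define('UPLOAD_FILE_MODE', 0644);   // owner rw, group/world r; no execute, no shared write

function storeUploadedFile($tmpName, $dest, $fromHttpUpload = true) {
    // move_uploaded_file() only accepts a real HTTP upload; rename() is the
    // stand-in for the offline self-check at the bottom of this file.
    $moved = $fromHttpUpload ? move_uploaded_file($tmpName, $dest) : rename($tmpName, $dest);
    if (!$moved) {
        return false;
    }
    // The temp file is often created 0600, which a web server running as a
    // different user cannot serve; set the final mode explicitly instead of
    // inheriting whatever the upload temp directory and umask produced.
    if (!chmod($dest, UPLOAD_FILE_MODE)) {
        return false;
    }
    clearstatcache(true, $dest);
    return verifyFileMode($dest);
}

// True when the file is readable by everyone (so the server can serve it)
// but carries no execute bit and is not writable by group or others.
// 0644 passes; 0600, 0766 and 0777 all fail.
function verifyFileMode($path) {
    $mode = fileperms($path) & 0777;
    return ($mode & 0444) === 0444 && ($mode & 0111) === 0 && ($mode & 0022) === 0;
}

// Offline self-check with a constructed file standing in for
// $_FILES['userfile']['tmp_name'] (run as: php this_file.php).
$tmp = tempnam(sys_get_temp_dir(), 'upl');
chmod($tmp, 0600);                                  // mimic the 600 mode reported in the thread
$dest = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'example_upload.gif';
if (file_exists($dest)) {
    unlink($dest);
}
$ok = storeUploadedFile($tmp, $dest, false);
echo 'stored with mode ' . sprintf('%04o', fileperms($dest) & 0777) . ($ok ? ' (accepted)' : ' (rejected)') . PHP_EOL;

chmod($dest, 0777);                                 // what "I set it to 777" leaves behind
clearstatcache(true, $dest);
echo 'after chmod 0777: ' . (verifyFileMode($dest) ? 'accepted' : 'rejected') . PHP_EOL;
unlink($dest);
```

The verify step is what makes the mode a property you can rely on rather than a hope: if a host's chmod() is a no-op (some shared hosts mount upload directories that way), the function returns false and the upload is reported as failed instead of silently landing with the wrong bits.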


Posted: Thu Sep 07, 2006 8:54 am
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Q&T note: can we please stay on topic; only reply here if it is really related to the bug, not to add personal problems, replies etc. Thanks.

_________________
Regards Robin


Posted: Fri Sep 08, 2006 10:26 am
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Classification set to MEDIUM

Edit; Fix has been tested and approved by Q&T, artifact was already closed, also closing forum topic and moving it to Resolved.

_________________
Regards Robin


Last edited by Robin on Fri Sep 08, 2006 10:40 am, edited 1 time in total.
