News:

Support for jDownloads 3 has been ended
Since 17 August 2023 Joomla.org has discontinued support for Joomla 3.x. Therefore, we will no longer offer official support for our Joomla 3 jDownloads version 3.9.x from January 2024.
Please update your website to the latest Joomla version (Joomla 4 or Joomla 5) as soon as possible. Afterwards, please update jDownloads to the latest published version. The longer you delay, the more difficult the upgrade process for your website is likely to be.

Main Menu
Support-Forum

Backend uploads require upload directory within JPATH_ROOT

Started by dr236, 14.06.2017 13:00:26

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

dr236

14.06.2017 13:00:26
(Not sure if a bug.) It looks like jd's "Upload Files" via the backend requires that the upload directory lives within JPATH_ROOT, due to the call
  $targetDirCleaned  = JPath::check($targetDirWithSep);
within administrator/components/com_jdownloads/controllers/uploads.php:upload.

But this isn't checked for when the upload directory is configured in jd's "Upload directory path". Also the "auto discovery" of new files manually uploaded to the jdownloads upload area, and the front-end upload procedure do not check for this.

Could I suggest this check isn't done, as there are good reasons to have the upload directory outside of JPATH_ROOT.

Thanks,
David
  •  

ColinM

#1
14.06.2017 15:28:09
David,
Think you are right but need to check with Arno.  JPath::check($targetDirWithSep);  will clean up the path if possible and also check that the path is in the scope of the Joomla root.

Using JPath::clean   just cleans up the directory string if possible.  So maybe

  $targetDirCleaned  = JPath::clean($targetDirWithSep);
would be OK.

But maybe there is a specific reason for the 'check' function because of the use of Plupload.
Colin
Colin M
  •  
Print
Go Up Pages1
User actions