BUG ERROR: UPLOAD ZIP, RAR FILES

Hi.

I have a problem with upload zip or rar files.
I add zip to the supported extension in admin panel and I set 0 or 30000KB as limit to files upload.
When I upload with form files like jpg, bmp, png, tiff etc. (files large 40MB and larger) everything is ok, and files are upload corretly.
When I send form with zip files, when the zip size is less than 5MB, form are send corretly, but when the zip file is larger than 5MB, I reseived message:



my php setting are: http:/***.it/info.php
Thank You for Your help.

Hi,

I the upload works with large images, it is most probably not a problem of Visforms but a setting in your php.ini or some other restrictions of your provider, that prevents uploads of large zip files. Could you please ask there?

Regards,
Aicha

my provider has just answered that the only parameters in the php.ini file size are:
upload_max_filesize 128M
post_max_size 128M
memory_limit 128M

you can check this here: www.***.it/info.php

Hi,

what is your Visforms Version?

What does "Indica il file de caricare" mean?

Regards,
Aicha

it means: "choose the file to upload"

my version is: 3.6.9 with joomla 3.4.8, php 5.4.36-1, sql 5.5.38-1.

thx for your support.

Hi,

ok, this is a bit complicated.

Joomla! itself goes through a lot of trouble to prevent the upload of files which might potentially be unsafe.
Zip files are one of those file types and using the Joomla! core functions without further options, a zip-file is checked several times for potential unsafe content.

If a zip file contains executables (like .php files or jar or py or inc...) upload is prevented by Joomla! unless it is explicitely stated, that you want to allow the upload those zip files as well. So first of all the upload in your test does not fail because of the size of the file but because of it's content.

I didn't realize this restrictions before in this details, only used the Joomla! Core functions in order to deliver save code. But actually I think this is very reasonable and the aim of core functions is, to make the live of a developer easier (make it easy to deliver save code) and don't bother him to much with very specific details. Because allowing the update of zip files that contain executables may really be dangerous and should only be allowed if you know what you do!

Make the upload of zip files, that contains file types which are on the "unsafe" list of Joomla!, possible in Visforms would need a lot of additional options, because I would not like to simply enable the upload of zip files for everybody who enters the "zip" in the list of allowed extensions. Maybe I can implement that in the future but not before I know exactly how I want to handle security risks.

If you want to do it anyway you have to change the source code in one Visforms files at two lines.

It's the Change (line 508) to Change (line 559) to
This will prevent Joomla! from checking the type of files in zips and allow the upload with all potential risks.
Please remove the link to the image with your php setting information. I do not need this any longer and I think this is information which should stay private.

Regards,
Aicha