Version 1.3.5 is tested and verified on Joomla 3.3!
!!!Security Release 2012-01-02!!!
JED found an exploit in the code where they managed to upload a file named "file.php5". Unfortunately, I had not added php5 to the blocked extensions list, but now (version 1.3.5) it is added, along with .php6 and an extra check to see if ".php" exists in the file name!
Please make sure to update to version 1.3.5 as soon as possible!
UPDATE 2010-01-04: To be even more on the safe side I have now added code to inspect GIF comments. There is a new option called "Block PHP GIF comments" in the settings, set to "Yes" by default, which will read any GIF comment and block the upload if the comment contains any PHP code!
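The checks described in this release note (a blocked-extension list, a ".php" test on the whole file name, and inspection of GIF comment blocks), sketched as an added example that is not Simple File Upload's own code. The function names, the blocklist contents and the sample GIF bytes are assumptions made for illustration.

```php
<?php
// Added example, not the module's code; names and blocklist are assumptions.
const BLOCKED_EXT = ['php', 'php5', 'php6'];

function isBlockedName(string $name): bool
{
    $lower = strtolower(basename($name));
    // ".php" anywhere in the name catches file.php5 and xxxx.php.jpg alike.
    return strpos($lower, '.php') !== false
        || in_array(pathinfo($lower, PATHINFO_EXTENSION), BLOCKED_EXT, true);
}

// Size in bytes of the colour table announced by a packed-flags byte (0 if none).
function tableSize(int $f): int { return ($f & 0x80) ? 3 * (2 << ($f & 7)) : 0; }

// True if a GIF comment block contains "<?", or the GIF is malformed (fail closed).
function gifCommentBlocked(string $d): bool
{
    $len = strlen($d);
    if ($len < 13 || !in_array(substr($d, 0, 6), ['GIF87a', 'GIF89a'], true)) {
        return true;
    }
    $p = 13 + tableSize(ord($d[10]));                    // header + screen descriptor
    while ($p < $len && $d[$p] !== "\x3B") {             // 0x3B = trailer
        $comment = false;
        if ($d[$p] === "\x21" && $p + 1 < $len) {        // extension block
            $comment = ($d[$p + 1] === "\xFE");          // 0xFE = comment label
            $p += 2;
        } elseif ($d[$p] === "\x2C" && $p + 9 < $len) {  // image descriptor
            $p += 10 + tableSize(ord($d[$p + 9])) + 1;   // + LZW code-size byte
        } else {
            return true;                                 // unknown block type
        }
        $text = '';
        while ($p < $len && ($n = ord($d[$p])) !== 0) {  // walk data sub-blocks
            $text .= $comment ? substr($d, $p + 1, $n) : '';
            $p += $n + 1;
        }
        if ($comment && strpos($text, '<?') !== false) {
            return true;
        }
        $p++;                                            // sub-block terminator
    }
    return $p >= $len;                                   // no trailer: malformed
}

// Constructed sample: GIF89a, 1x1 screen, no colour table, one comment, trailer.
$c = '<?php /* sample */ ?>';
$gif = "GIF89a\x01\x00\x01\x00\x00\x00\x00\x21\xFE" . chr(strlen($c)) . $c . "\x00\x3B";
var_dump(isBlockedName('file.php5'), isBlockedName('xxxx.php.jpg'),
         isBlockedName('photo.jpg'), gifCommentBlocked($gif));
```

A clean comment check says nothing about PHP placed elsewhere in the file, so the upload directory still has to be configured so that names like "xxxx.php.jpg" are never executed.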
It includes the following key features:
- Multiple modules on the same page with different settings
- "Add Note" to uploaded files
- Image re-size
- Automated thumbnail creation for images
- Image compress for JPEG and PNG
- Now supports both "User Named Directory" and "User Defined Directory"! (see below)
- List files in upload directory in pop-up (FancyBox)
- Multiple files upload
- Notification e-mail
- And more...
- Integrated Ajax in Joomla framework
- "Blacklist" of extensions (threat-protection)
- Multi select file browser for Firefox 3.6+ versions
- Info popup-box now contains the link (URL)
- URL attached in e-mail notice
- Redirect option after uploading
- User Named Directory: You can set a root path for User Named Directories, e.g. "/home/users/" and then select which users should have the option to use the directory.
- User Defined Directory: You can select from the list of users and add custom directory paths for the user.
- Multiple choice of upload paths added. If a user has "User Named Directory" and/or "User Defined Directory" the user will get a pop-up box asking for the directory to upload to.
- List files option from upload directory in "pop-up"
- Form Fields can now be collected into the same file. A few JED Image Galleries are using a parameter file for labels/description of images.
- Multiple languages.
Joomla 3.0 is now supported!
User Named Directories and User Defined Directories now also work on Joomla 3.+!
In a few minutes I was able to make it work, and in less than an hour integrated it in an independent submission form - something that, if you are a professional developer, is a MUST.
Just have one thing in mind: there are a few jQuery library loading options, and for sure one of them will fit your needs, don't hesitate!
Besides that, there is something that I really appreciate from extension developers: the support. And I can tell you that Anders is a very resolutive and friendly developer. I recommend you contact him, at least to tell him "Thanks!"; he will appreciate it. :)
I wish more extension authors would use MooTools, but beggars can't be choosers.
It was free so I won't complain. I also did not pursue help. May give this another whirl later.
I am sorry to hear you couldn't get it working... :(
9 out of 10 requests for help I get are related to jQuery (which you seem to suspect). I have included options to turn off jQuery loading and "no-conflict" handling in the options.
As many developers include jQuery inline there is also an option to include the dependencies for SFU as inline.
Mootools is great but unfortunately it lacks some functionality I need and the thick-box is quite limited...
I try to help out as best I can and I am sorry to see you didn't even bother contacting me before giving up...
Well, I hope you find something that works for you and if you want to give SFU a shot I am here to help...
Easy to configure.
The only thing I had to do was to change the post_max_size to get uploaded mp3 files bigger than 8MB.
There was no error information there. So if the script stops and you don't get a message just check this PHP parameter in your Joomla installation.
Thank you Anders for this great job :)
Packed with features, 100% functional and easy customizable through CSS, it is a winner in the category!
I would really recommend every user of the module to donate to the developer, to inspire him to keep up the good work!
It functions as described, potentially a very useful module, but...
allowed file types can be set up in the config settings, however this did not stop malicious files being uploaded such as "xxxx.php.jpg" or "xxxx.php.pjpg"
The .php.jpg and .php.pjpg extensions giving the clue that these were bad files, later confirmed by our anti-virus check as containing trojans.
After these files were uploaded to my site (and deleted) I checked the module config settings and found that it had been reset to the defaults and that no further changes could be made in the backend. Clearly "something" had affected it and so the module was removed from the site and an alternative is now being used.
The site concerned is protected by a security suite and no subsequent problems were detected. The problem therefore seemed to emanate from this module and is a significant security issue, particularly for sites that handle image files from users as ours does.
I attempted contact with the developer through his website contact form as I felt that he should at least be aware of this issue - 10 days later no response! (Did get an automated "email received" reply though).
So, 2 stars only awarded as it does function as generally described but note our experience re security problem and no developer support.
I am very sorry to hear that. Unfortunately allowing uploads to your site is always a risk, regardless of how it's done.
Unfortunately you supplied me with a faulty e-mail address so the e-mail bounced back. I answered your comment on my web-site 6 minutes after you added it!
The default setting in Simple File Upload is to BLOCK files like "xxxx.php.jpg" and according to your description in the mail you had changed that for some reason... :o
You should always make sure your site is secure and won't allow executing files like "xxxx.php.jpg"!
Since the attacker somehow managed to change the name of the file you have some other exploit too as that wouldn't be possible through Simple File Upload.
Please make sure to make a thorough security review of your server and PHP settings!