Simple File Upload


Version 1.3.5 is tested and verified on Joomla 2.5! (2012-01-14)
Use download for 1.6/1.7!
!!!Security Release 2012-01-02!!!
JED found an exploit in the code: they managed to upload a file named "file.php5". Unfortunately I had not added php5 to the blocked extensions list, but now (version 1.3.5) it is added along with .php6, plus an extra check that blocks the upload if ".php" appears anywhere in the file name!
Please make sure to update to version 1.3.5 as soon as possible!
UPDATE 2010-01-04: To be even more on the safe side I have now added code to inspect GIF comments. There is a new option, "Block PHP GIF comments", in the settings, set to "Yes" by default, which reads every GIF comment and blocks the upload if the comment contains any PHP code!
!!!Security Release!!!
It includes the following key features:
- Multiple modules on the same page with different settings
- "Add Note" to uploaded files
- Image re-size
- Automated thumbnail creation for images
- Image compress for JPEG and PNG
- Now supports both "User Named Directory" and "User Defined Directory"! (see below)
- CAPTCHA
- List files in upload directory in pop-up (FancyBox)
- Multiple files upload
- Notification e-mail
- And more...
More features:
- Integrated Ajax in Joomla framework
- "Blacklist" of extensions (threat-protection)
- Multi-select file browser for Firefox 3.6+ versions
- Info popup-box now contains the link (URL)
- URL attached in e-mail notice
- Redirect option after uploading
- User Named Directory: You can set a root path for User Named Directories, e.g. "/home/users/" and then select which users should have the option to use the directory.
- User Defined Directory: You can select from the list of users and add custom directory paths for the user.
- Multiple choice of upload paths added. If a user has "User Named Directory" and/or "User Defined Directory", the user will get a pop-up box asking for the directory to upload to.
- List files option from upload directory in "pop-up"
- Form Fields can now be collected into the same file. A few JED Image Galleries are using a parameter file for labels/description of images.
- Multiple languages.
Take care!
Regards,
Anders
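The "Block PHP GIF comments" option above reads the comment blocks of an uploaded GIF and rejects the file if one of them contains PHP. The following is an added example of that check, written here in Python rather than taken from the module's PHP; it is not the module's code. It walks the GIF block structure (header, global colour table, extension blocks, image descriptors) so that comments are found wherever they sit in the file, and the sample GIFs it scans are constructed inline rather than real uploads. The names `gif_comments`, `php_in_gif_comments`, `php_anywhere` and `build_gif` are this example's own.

```python
"""Scan a GIF upload for PHP code hidden in its comment (and other) blocks."""
import re
import struct

# Matches <?php, <?= and the short open tag "<? " (but not "<?xml"), plus the legacy <script language="php">.
PHP_TAG_RE = re.compile(rb"<\?(?:php\b|=|\s)|<script[^>]*\blanguage\s*=\s*['\"]?php", re.IGNORECASE)


def _read_sub_blocks(data: bytes, pos: int):
    """Concatenate GIF data sub-blocks (size byte + payload) up to the 0x00 terminator."""
    out = bytearray()
    while True:
        size = data[pos]
        pos += 1
        if size == 0:
            return bytes(out), pos
        out += data[pos:pos + size]
        pos += size


def gif_extension_blocks(data: bytes):
    """Yield (label, payload) for every extension block; raises ValueError on malformed input."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    try:
        pos = 6
        _w, _h, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, pos)
        pos += 7
        if packed & 0x80:                       # global colour table: 3 * 2^(N+1) bytes
            pos += 3 * (2 << (packed & 0x07))
        while True:
            block = data[pos]
            pos += 1
            if block == 0x3B:                   # trailer
                return
            if block == 0x21:                   # extension: 0xFE comment, 0xF9 graphic control, 0xFF application, 0x01 text
                label = data[pos]
                pos += 1
                payload, pos = _read_sub_blocks(data, pos)
                yield label, payload
            elif block == 0x2C:                 # image descriptor (9 bytes) + optional local colour table + LZW data
                ipacked = data[pos + 8]
                pos += 9
                if ipacked & 0x80:
                    pos += 3 * (2 << (ipacked & 0x07))
                pos += 1                        # LZW minimum code size
                _, pos = _read_sub_blocks(data, pos)
            else:
                raise ValueError(f"unexpected block 0x{block:02x} at offset {pos - 1}")
    except IndexError:
        raise ValueError("truncated GIF") from None


def gif_comments(data: bytes):
    return [payload for label, payload in gif_extension_blocks(data) if label == 0xFE]


def php_in_gif_comments(data: bytes) -> bool:
    """The check the listing describes: block if any comment block contains PHP."""
    return any(PHP_TAG_RE.search(c) for c in gif_comments(data))


def php_anywhere(data: bytes) -> bool:
    """Wider check: PHP tags anywhere in the file, including application blocks and pixel data."""
    return PHP_TAG_RE.search(data) is not None


# Constructed 1x1 GIF89a builder so the checks can be exercised offline (not a real upload).
def _sub_blocks(payload: bytes) -> bytes:
    chunks = [payload[i:i + 255] for i in range(0, len(payload), 255)]
    return b"".join(bytes([len(c)]) + c for c in chunks) + b"\x00"


def build_gif(comment: bytes = b"", app_ext: bytes = b"") -> bytes:
    header = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)   # 2-entry global colour table
    gct = b"\x00\x00\x00\xff\xff\xff"
    ext = b""
    if comment:
        ext += b"\x21\xfe" + _sub_blocks(comment)
    if app_ext:
        ext += b"\x21\xff" + _sub_blocks(app_ext)
    image = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02" + b"\x02\x44\x01\x00"
    return header + gct + ext + image + b"\x3b"


if __name__ == "__main__":
    samples = {
        "clean": build_gif(comment=b"Created with GIMP"),
        "comment": build_gif(comment=b"<?php system($_GET['c']); ?>"),
        "app-ext": build_gif(app_ext=b"NETSCAPE2.0<?php system($_GET['c']); ?>"),
    }
    for name, gif in samples.items():
        print(f"{name:8s} comment-check={php_in_gif_comments(gif)!s:5s} raw-check={php_anywhere(gif)}")
```

The "app-ext" sample shows the limit of a comment-only check: the same tag in an application extension block, in the colour table or in the pixel data passes `php_in_gif_comments` and is only caught by `php_anywhere`. Either scan is a heuristic; the reliable control is that nothing under the upload directory is ever handed to the PHP interpreter, whatever its content.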
Easy to configure.
The only thing I had to do was change post_max_size to get uploaded MP3 files bigger than 8MB.
There was no error information, so if the script stops and you don't get a message, just check this PHP parameter in your Joomla installation.
Thank you Anders for this great job :)
It functions as described, potentially a very useful module, but...
Allowed file types can be set up in the config settings; however, this did not stop malicious files being uploaded, such as "xxxx.php.jpg" or "xxxx.php.pjpg".
The .php.jpg and .php.pjpg extensions gave the clue that these were bad files, later confirmed by our anti-virus check as containing trojans.
After these files were uploaded to my site (and deleted) I checked the module config settings and found that it had been reset to the defaults and that no further changes could be made in the backend. Clearly "something" had affected it and so the module was removed from the site and an alternative is now being used.
The site concerned is protected by a security suite and no subsequent problems were detected. The problem therefore seemed to emanate from this module and is a significant security issue, particularly for sites that handle image files from users as ours does.
I attempted contact with the developer through his website contact form as I felt that he should at least be aware of this issue - 10 days later no response! (Did get an automated "email received" reply though).
So, 2 stars only awarded as it does function as generally described but note our experience re security problem and no developer support.
I am very sorry to hear that. Unfortunately allowing uploads to your site is always a risk, regardless of how it's done.
Unfortunately you supplied me with a faulty e-mail address so the e-mail bounced back. I answered your comment on my web-site 6 minutes after you added it!
The default setting in Simple File Upload is to BLOCK files like "xxxx.php.jpg" and according to your description in the mail you had changed that for some reason... :o
You should always make sure your site is secure and won't allow executing files like "xxxx.php.jpg"!
Since the attacker somehow managed to change the name of the file, you have some other exploit too, as that wouldn't be possible through Simple File Upload.
Please make sure to make a thorough security review of your server and PHP settings!
Regards,
Anders
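The security release note above and this exchange describe the same class of problem: a blacklist of extensions, where a name like "file.php5", "xxxx.php.jpg" or "xxxx.php.pjpg" gets through unless the list and the ".php" substring check are exactly right. The block below is an added example, not the module's code, in Python rather than the module's PHP. It re-implements the blacklist rules as the release note describes them (php, php5, php6 and a ".php" substring check) so their gaps can be seen, and puts an allowlist next to it: exactly one extension from a fixed set, a plain stem, and a check that the file content starts with that type's magic bytes. The allowed-type set, the `MAGIC` table and all function names are assumptions of this example, and the file names it tries are constructed from the note and the review.

```python
"""Upload filename checks: the described blacklist beside an allowlist with a content check."""
import re

# Blacklist as the 1.3.5 note describes it (php, php5, php6, plus a ".php" substring check).
# Constructed re-implementation of the described rules, not the module's own code.
BLOCKED_EXTENSIONS = {"php", "php5", "php6"}


def blacklist_allows(filename: str) -> bool:
    """True if the described blacklist would let the name through."""
    name = filename.lower()            # assumption: compare case-insensitively, so FILE.PHP is caught
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in BLOCKED_EXTENSIONS:
        return False
    if ".php" in name:                 # catches xxxx.php.jpg, file.php3, file.phps ...
        return False
    return True                        # ... but not report.phtml, tool.phar or .htaccess


# Allowlist approach: one extension only, from a fixed set, with a plain stem and a content check.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}   # assumption: an image/PDF upload site
SAFE_NAME = re.compile(r"^[a-z0-9][a-z0-9_-]{0,63}\.([a-z0-9]{1,5})$")
MAGIC = {                                                   # leading bytes each allowed type must start with
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def allowlist_name(filename: str):
    """Return the sanitised name to store on disk, or None to reject the upload."""
    if "\x00" in filename:                                  # NUL-byte tricks such as shell.php\x00.jpg
        return None
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any client-supplied path
    base = re.sub(r"\s+", "_", base.strip().lower())        # spaces become underscores
    m = SAFE_NAME.fullmatch(base)                           # exactly one dot, so xxxx.php.jpg fails
    if not m or m.group(1) not in ALLOWED_EXTENSIONS:
        return None
    return base


def accept_upload(filename: str, content: bytes):
    """Name check plus magic-byte check; returns the name to store or None."""
    name = allowlist_name(filename)
    if name is None:
        return None
    ext = name.rsplit(".", 1)[1]
    if not content.startswith(MAGIC[ext]):
        return None
    return name


if __name__ == "__main__":
    # Constructed test names (not real uploads) taken from the release note and the review.
    names = ["photo.jpg", "file.php5", "xxxx.php.jpg", "xxxx.PHP.pjpg",
             "report.phtml", ".htaccess", "My Photo.JPG"]
    for fn in names:
        print(f"{fn:16s} blacklist allows: {blacklist_allows(fn)!s:5s} allowlist stores: {allowlist_name(fn)}")
    print("logo.png with PHP body ->", accept_upload("logo.png", b"<?php system($_GET['c']); ?>"))
```

Two things worth noting. First, a blacklist stays one entry behind the attacker: "report.phtml", "tool.phar" and ".htaccess" all pass the described rules, and an uploaded .htaccess can turn the upload directory back into executable space on Apache. Second, the developer's point above about the server is the one that matters most: Apache treats "xxxx.php.jpg" as having both extensions, so where PHP is bound with AddHandler the file is executed regardless of its last extension. Store uploads outside the web root, or disable script execution for that directory, and the name check becomes a second layer rather than the only one.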
For every trouble I encountered and even modifications in the code needed I was answered fast and each explanation was clear.
Donated to Anders since developers such as him are needed in our community.
Great module, amazing support.
Expecting next version with more options regarding form section, that would make this module perfect!
Cheers,
Shahar Galukman
I encountered some problems with some of my self-written jQuery code on my page, but with the outstanding and fast support of the developer I was able to change my own code for better compatibility.
I really recommend this module if you need some fileupload for your joomla site.
My understanding is that it is now standard practice to use dashes or underscores in filenames to avoid these problems but I cannot rely on people uploading to do so.
I spent quite a while trying to hack the code to get it to work (I did succeed with some other modifications so I can't be a complete idiot!) but was not able to replace the spaces without breaking the text file writing part of the script.
I asked the developer but he was not able to do it.
Hi, so sorry that you are not satisfied with the work I've done. I have released my Extensions as GPL free for all to grab, use and change as they like.
I try to help out with modifications the best I can, but I do have a day-time job and do this in my spare time, which is why I simply don't have time to help all users asking for modifications.
I tried to help you out and sent several e-mails pointing out where to alter the code. Study PHP a bit more and then give it another go...
Next time when you rate something, please do so on the functions included, not according to what YOU want to have included... :(
Regards,
Anders
That being said, when I first installed the mod, it didn't work at all. Turns out this was caused by wrong file permissions in the mod folder. Not sure how this happened, but Anders was able to quickly get to the bottom of this. The second issue was that uploads would seem to fail, or time-out with no warning. Once again, Anders was able to show me that it was due to a configuration problem with the PHP.INI (Problem on my end, not the SFU mod. My uploads were limited to 8MB.) Once I corrected the PHP.INI, the uploads (and multiple uploads) worked fine.
I'm using it, for example, for a client that wanted a way for their clients to submit files and artwork that was too big for e-mail. This extension allowed me to have users upload to their own, separate, sub-directories and don't see other users' folders or files.
However, this one didn't disappoint!
Once you actually find the correct version to install, getting it up and running is a breeze. Apparently I had installed the wrong version. The download page is a little bit confusing, but as soon as I made a comment on the website, Anders got back to me straight away with a solution in an email. Now everything seems to be working fine.
All in all, an excellent extension, so thanks and well done Anders. Cheers, Allan
PS. I will indeed be happy to give you a donation because it certainly is worth at least $5 bucks!
Even if you have very little Joomla experience you will be able to have your website visitors uploading files to your server in no time.
It integrates perfectly with Simple File Lister to automatically add the newly uploaded files to the list as well.
It also offers you decent security by allowing you to restrict and exclude the file types that can be uploaded, captcha to prevent bot exploitation, and notification emails so you will quickly be able to recognize if someone is abusing the feature.
For me, the combination of the two modules works perfectly as a way for the teachers who visit my page to upload and exchange classroom handouts and create an ever growing online repository.
Not to mention support seems to be very quick, with Anders even mailing me a build of the module that will not be released until later this week!
I can highly recommend it.
Thanks Anders!