oynor
Setup was very easy and the text showed correctly, but I would like more features for design and a CSS.
The manuals have previously only been available through FTP but now we could link them through Simple File Lister.
It is good looking and works perfectly.
Thanks again!
Then I had a go at this extension and BAM, it does all I need.
The developer should look into the security "hole" found by the "Easy Uploader" developer though as no such attempt to prevent false file types seems to be included in the code.
I am very happy that I don't have to alter anything in this extension!
Keep up the good work!
Hi,
thanks for your kind review!
I am aware of this security "threat" and have already included a "black-list" for extensions in version 1.3 (are you using 1.2? In that case please upgrade to get the Black-list function).
I tested several different ways of securely detecting the type of file uploaded but I have not found any that would work on different PHP versions and/or platforms.
With the Black-list, even if an attacker fakes their way in by changing the content-type, they will not be able to change the fact that the extension is required for the file to be interpreted by the server, and thus it is "pretty" safe.
Another way is to block "web access" for the upload directory using .htaccess but then again the content (like images) will not be available for web pages either.
Unfortunately there is no good way of doing this in PHP versions lower than 5.3 and even with 5.3 many hosting providers are not allowing the use of file objects or exec functions which would be used to verify the "real" mime type.
Regards,
Anders
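As an added example (not the extension's own code, and not Anders' implementation), here is how the three measures discussed in the reply above combine in PHP 5.3+: an extension allow-list instead of a black-list, a fileinfo check of the uploaded bytes rather than the client's content-type, and storage under a generated name in a directory whose .htaccess (assumed) turns the PHP engine off.

```php
<?php
// Added example, not the extension's own code: validate an upload with an
// extension allow-list and a finfo check of the file content, then store it
// under a generated name so the original name (e.g. "a.php.pdf") is never used.
// Assumes PHP >= 5.3 with the fileinfo extension enabled.

// Constructed allow-list: extension => MIME types finfo may report for it.
$ALLOWED = array(
    'pdf' => array('application/pdf'),
    'png' => array('image/png'),
    'jpg' => array('image/jpeg'),
);

// Returns null when $file (one entry of $_FILES) is acceptable, else a reason.
function checkUpload(array $file, array $allowed)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'upload failed';
    }
    // $file['type'] is the client-supplied Content-Type; it is never consulted.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === '' || !isset($allowed[$ext])) {
        return "extension '$ext' is not on the allow-list";
    }
    // Inspect the bytes actually uploaded, not the name or the header.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if (!in_array($mime, $allowed[$ext], true)) {
        return "content is $mime, which does not match .$ext";
    }
    return null;
}

// Moves a validated upload into $dir under a random name that keeps only the
// allowed extension. $dir is assumed to hold an .htaccess containing
// "php_flag engine off" (mod_php), so files stay downloadable but never execute.
function storeUpload(array $file, $dir)
{
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $dest = rtrim($dir, '/') . '/' . sha1(uniqid(mt_rand(), true)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : false;
}

$err = checkUpload($_FILES['upload'], $ALLOWED);
if ($err !== null) {
    header('HTTP/1.1 400 Bad Request');
    die(htmlspecialchars($err));
}
echo storeUpload($_FILES['upload'], __DIR__ . '/uploads') ? 'stored' : 'store failed';
```

Because the stored name is generated, Apache's multiple-extension handling never sees a second extension, and the allow-list means a newly dangerous extension is rejected without anyone having to remember to add it to a black-list.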
In my opinion it is better to have suggestions for htaccess or to restrict by file extension than to give the users a "false" statement that the module is secure...
Also, the limitation of having files under the ./images directory only is very limiting.
Kudos for nice and clean code, but this still requires a few tweaks to function perfectly.
Hi oynor,
Thanks for taking the time out to download and use my module. I have taken note of your review, and would like to encourage you to visit my technical support site: http://support.michaelgilkes.com
There are guidelines of how to deal with this particular issue on the site. The specific post can be accessed here: http://support.michaelgilkes.com/topic/efum-not-detecting-mime-type