The Joomla! Extensions Directory ™

oynor

Reviews(4)
 
byoynor, June 27, 2011
Simple Pop-Up
I just stumbled upon this when looking at Simple File Lister by the same developer and this was perfect for telling our users that they can now download manuals directly from the site and that the FTP was closed.

Setup was very easy and the text showed correct but I would like more features for design and a CSS.
byoynor, June 27, 2011
Simple File Lister
I added Simple File Lister for my own files to have easy access for them but I realized this was very helpful to show PDF manuals that we have for users.
The manuals have previously only been available through FTP but now we could link them through Simple File Lister.

It is good looking and works perfectly.

Thanks again!
byoynor, February 8, 2011
Simple File Upload
I have written my own upload function as a plug-in previously to be included in articles but wanted a module instead. I started working on my own module but figured to look for ready-made solutions here first. I first tried the "Easy File Uploader" and noticed I needed to alter it to make it work as I needed.
Then I had a go at this extension and BAM, it does all I need.
The developer should look into the security "hole" found by the "Easy Uploader" developer though as no such attempt to prevent false file types seems to be included in the code.

I am very happy that I don't have to alter anything in this extension!

Keep up the good work!
Owner's reply

Hi,
thanks for your kind review!

I am aware of this security "threat" and have already included a "black-list" for extensions in version 1.3 (are you using 1.2? In that case please upgrade to get the Black-list function).

I tested several different ways of securely detecting the type of file uploaded but I have not found any that would work on different PHP versions and/or platforms.
With the Black-list, even if an attacker fake their way by changing the content-type, they will not be able to change the fact that the extension is required for the file to be interpreted by the server and thus it is "pretty" safe.

Another way is to block "web access" for the upload directory using .htaccess but then again the content (like images) will not be available for web pages either.

Unfortunately there is no good way of doing this in PHP versions lower than 5.3 and even with 5.3 many hosting providers are not allowing the use of file objects or exec functions which would be used to verify the "real" mime type.

Regards,
Anders

byoynor, February 8, 2011
Easy File Uploader
Well, the module for version 0.5 works great but the update version with added security does not work on my server. I got warnings in maximum logging and looked at the code and could see that none of the solutions the developer has used is supported on my server (hosted). Therefore the added "security" is no security at all for me... :(

In my opinion it is better to have suggestions for htaccess or to restrict by file extension than to give the users a "false" statement that the module is secure...

Also the limitation to have files under ./images directory only is very limiting.

Kudos for nice and clean code but this still requires a few tweaks to functioning perfectly.
Owner's reply

Hi oynor,
Thanks for taking the time out to download and use my module. I have taken note of your review, and would like to encourage you to visit my technical support site: http://support.michaelgilkes.com

There are guidelines of how to deal with this particular issue on the site. The specific post can be accessed here: http://support.michaelgilkes.com/topic/efum-not-detecting-mime-type