Hi,

I am not able to upload some ZIP files using JCE Media manager. After checking everything, I found, that this is "security feature" of Joomla.
JFilterInput::isSafeFile scans raw contents of ZIP files (and other archives) for keywords like "PHP". From the code I guess that this check could be skipped when calling isSafeFile. Could JCE have option in profile to skip such check (Something like "Allow potentional dangerous files upload")?

You can check discussion around this here (last post).

Thanks for consideration

Pavel

Hi,

as written in subject "Upload Failed: No data".

Joomla issue is fixed to JInputFilter, so if JCE uses $jinput->files->get('jform') or some similar construction, it is affected. Solution is to use
$files = $jinput->files->get('jform', array(), 'raw'); (as you can see in the link I sent).

When I tried to switch off Mime Type check and renamed the zip to pdf, upload worked correctly.

I can provide you example zip, but its quite large, aprox 5MB, so cannot post it here...

Pavel

No, just JPEG images.

I created small test file, find it attached. It is not perfect case, as I had to use .pl in one of filename. In my real zip file, there are just jpgs, but because of zip compression somewhere in the file is ".pl" sequence, which is considered as dangerous.

Upload fails because JInputFilter returns false on line 724 (Joomla 3.9.6). It checks contents of zip file (without unzipping, just raw data) for suspicious extensions.

All my test files uploaded succesfully. Thanks a lot.

Pavel