
Downloads: wrong security check breaks uploading safe files

Posted: Wed Jan 07, 2015 5:58 am
by RuslanBrest
Where: Opencart 2.0.1.1, admin backend, `catalog/download/add`

There are 3 security checks (file extension, MIME type, and "<?php" inside the file). The last one fails uploading safe zip files. You can check this: try to make "opencart-2.0.1.1.zip" downloadable in a fresh oc2011 install.

I have found that zip includes short PHP files in the archive as is, without packing.
The "opencart-2.0.1.1.zip" contains a lot of "<?php" inside it - it has several short language files (1-3 lines long).

Tried to zip with maximum compression level (zip -9) - no luck. Default is "-6".

Any ideas on how to solve the problem without removing such security check?
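
The false positive described in the post, reproduced as an added example (not part of the original post and not OpenCart code): a raw-byte search for "<?php" is compared with a pass that maps each match to the ZIP entry whose data holds it. The archive is constructed in memory with one entry stored unpacked, as the post reports zip doing for short files; all function names are hypothetical.

```python
import io
import struct
import zipfile

MARKER = b"<?php"

def build_sample_zip():
    """Constructed sample: one short entry kept as-is, one long entry deflated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("language/short.php", "<?php\n$_['text'] = 'x';\n",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("catalog/long.php", "<?php\n" + "echo 'hello';\n" * 200,
                    compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

def naive_check(raw):
    """The kind of check the post describes: substring search over the upload."""
    return MARKER in raw

def entry_data_span(raw, info):
    """Byte range of one entry's data inside the archive."""
    # Local file header: 30 fixed bytes; name length at +26, extra length at +28.
    name_len, extra_len = struct.unpack_from("<HH", raw, info.header_offset + 26)
    start = info.header_offset + 30 + name_len + extra_len
    return start, start + info.compress_size

def explain_hits(raw):
    """Return (offset, owner) per marker match; owner is (name, storage) or None."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        spans = [(entry_data_span(raw, i), i) for i in zf.infolist()]
    hits = []
    pos = raw.find(MARKER)
    while pos != -1:
        owner = None  # None: match lies outside every entry's data, still a finding
        for (start, end), info in spans:
            if start <= pos and pos + len(MARKER) <= end:
                stored = info.compress_type == zipfile.ZIP_STORED
                owner = (info.filename, "stored" if stored else "compressed")
        hits.append((pos, owner))
        pos = raw.find(MARKER, pos + 1)
    return hits

if __name__ == "__main__":
    sample = build_sample_zip()
    print("naive check flags archive:", naive_check(sample))
    for offset, owner in explain_hits(sample):
        print(offset, owner)
```

Only the stored entry produces a match; the deflated entry's "<?php" does not survive as literal bytes. A match with owner `None` sits outside any packed file and should still be treated as a hit by the upload check.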