File have unallowed extension

Seems to upload fine when I select HTML 4. Is there something I need to set or allow on the server for HTML 5 to work right?

Switched to PHP 7. Same issues. Latest version of Cobalt, Audio upload field and media pack.

System Information Setting Value

PHP Built On Linux Database Version 5.5.5-10.1.20-MariaDB Database Collation latin1_swedish_ci Database Connection Collation utf8mb4_general_ci PHP Version 7.0.14 Web Server LiteSpeed WebServer to PHP Interface litespeed Joomla! Version Joomla! 3.6.5 Stable [ Noether ] 1-December-2016 22:46 GMT Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT User Agent Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

@sergey please have a look. I need to get this fixed up ASAP. My site is dead without it.

Bump

Hello, I could not recreate this issue locally.

Did you test any other extension with HTML5 upload? At least, this would clarify if it is a general issue with the environment.

pepperstreet Did you test any other extension with HTML5 upload?

Yes. This is exactlay what in the field mp3, txt

Everything seemed to work when I last check it but a few things have changed since then. Including me switching hosts. So to be honest I am not sure what might be the problem.

justanotherguy Yes. This is exactlay what in the field mp3, txt

Sorry, I meant not the file extensions...
I mean other Joomla extension which also have an HTML5 upload feature.

If you have few extensions do not add space after coma.

I mean other Joomla extension which also have an HTML5 upload feature.

I dont have naother extension for html5 upload to test.> pepperstreet

Sergey If you have few extensions do not add space after coma.> Sergey

I only have 'mp3' without the quote in the field.

origional i had only mp3 in the field as you can see in the screenshot. This caused the error File have unallowed extension however. Again it worked this way with HTML 4 selected with only mp3 in the field

However if I select html5 i must put mp3, in the field and then it works.

I would suggest this a bug as it now works with mp3, in the field.

Please report back and resolve,.

What field are you using? Audio?

Sergey What field are you using? Audio?

Field - Audio

As you can imagine ending with a , causes a display issue when the record is viewed. Have a look and Ill try it out when fixed.

I had a friend fix it. Changed:

/media/mint/js/mooupload/mooupload.php

function changed -- HTML5_upload(), _read_headers();

For some reason, the custom headers are being returned as lowercase (on my server) from getallheaders(). This is what was causing the issue. See the fixed code below.

<?php
/**
 *
 * Mooupload class
 *
 * Provides a easy way for recept and save files from MooUpload
 *
 * DISCLAIMER: You must add your own special rules for limit the upload of
 * insecure files like .php, .asp or .htaccess
 *
 * @author: Juan Lago <juanparati[at]gmail[dot].com>
 *
 */

class Mooupload
{

    // Container index for HTML4 and Flash method
    public $container_index = '_tbxFile';

    public $destpath = null;
    public $max_upload = null;

    public function is_HTML5_upload() {
        return empty ( $_FILES );
    }

    public function HTML4_upload()
    {

        $app = JFactory::getApplication();
        $response = array ();

        foreach ( $_FILES as $k => $file )
        {
            $response ['key'] = ( int ) substr ( $k, strpos ( $k, @$this->container_index ) + strlen ( @$this->container_index ) );
            $response ['name'] = basename ( $file ['name'] ); // Basename for security issues
            $response ['error'] = $file ['error'];
            $response ['size'] = $file ['size'];

            $ext = JFile::getExt($response ['name']);
            $session = JFactory::getSession();
            $exts = $session->get('file_formats', array(), $app->input->get('key'));
            $ext = JFile::getExt($response ['name']);
            $response ['finish'] = FALSE;

            if(!in_array(strtolower($ext), $exts))
            {
                $response ['error'] = JText::sprintf('File %s have unallowed extension %s', $response['name'], $ext); //UPLOAD_ERR_EXTENSION;
                return $response;
            }
            $time = mktime(date('h'), 0, 0, date('m'), date('d'), date('y'));

            $filename = $time . '_' . md5($response['name'].'-'.time().'-'.$time).'.'.$ext;

            $response['upload_name'] = $filename;
            if ($response ['error'] == 0)
            {
                if (move_uploaded_file ( $file ['tmp_name'], $this->destpath . $filename ) === FALSE)
                    $response['error'] = UPLOAD_ERR_NO_TMP_DIR;
                else
                    $response['finish'] = TRUE;
            }
        }

        return $response;
    }

    public function HTML5_upload()
    {

        $app = JFactory::getApplication();
        $max_upload = $this->max_upload;
        $max_post = $this->_convert_size ( ini_get ( 'post_max_size' ) );
        $memory_limit = $this->_convert_size ( ini_get ( 'memory_limit' ) );
        $limit = min ( $max_upload, $max_post, $memory_limit );

        // Read headers
        $response = array ();
        $headers = $this->_read_headers ();

        $response ['id'] = $headers ['x-file-id'];
        $response ['name'] = basename ( $headers ['x-file-name'] ); // Basename for security issues
        $response ['size'] = isset($headers ['Content-Length']) ? $headers ['Content-Length'] : $headers ['x-file-size'];
        $response ['error'] = UPLOAD_ERR_OK;
        $response ['finish'] = FALSE;

        if ($response ['size'] > $limit)
            $response ['error'] = UPLOAD_ERR_INI_SIZE;

        // Is resume?
        $flag = ( bool ) $headers ['x-file-resume'] ? FILE_APPEND : 0;

        $session = JFactory::getSession();
        $exts = $session->get('file_formats', array(), $app->input->get('key'));
        $ext = strtolower(JFile::getExt($response ['name']));

        if(!in_array($ext, $exts))
        {
            $response ['error'] = JText::sprintf('File %s have unallowed extension %s', $response['name'], $ext); //UPLOAD_ERR_EXTENSION;
            return $response;
        }

        $time = mktime(date('h'), 0, 0, date('m'), date('d'), date('y'));

        $filename = $time . '_' . md5($response['name'].'-'.$headers['x-file-id'].'-'.$time).'.'.$ext;

        $response ['upload_name'] = $filename;

        // Write file
        if (file_put_contents ( $this->destpath . $filename, file_get_contents ( 'php://input' ), $flag ) === FALSE)
            $response ['error'] = UPLOAD_ERR_CANT_WRITE;
        else {
            $response['add'] = $headers ['x-file-size'].'-'. filesize($this->destpath . $filename);
            if(filesize($this->destpath . $filename) == $headers['x-file-size']) {
                $response ['finish'] = TRUE;
            }
        }

        return $response;
    }

    public function upload()
    {
        $session = JFactory::getSession();
        $app = JFactory::getApplication();
        $this->max_upload = (int)$session->get('max_size', $this->_convert_size (ini_get('upload_max_filesize')), $app->input->get('key'));
        $this->destpath = JPATH_ROOT. DIRECTORY_SEPARATOR .'tmp'.DIRECTORY_SEPARATOR;
        return $this->is_HTML5_upload () ? $this->HTML5_upload () : $this->HTML4_upload ();
    }

    public function _convert_size($val)
    {
        $val = trim ( $val );
        $last = strtolower ( $val [strlen ( $val ) - 1] );

        switch ($last) {
            case 'g' :
                $val *= 1024;

            case 'm' :
                $val *= 1024;

            case 'k' :
                $val *= 1024;
        }

        return $val;
    }

    public function _read_headers()
    {
        // GetAllHeaders doesn't work with PHP-CGI

        // getallheaders returns lower-case headers for the x-<whatever> headers
        if (function_exists ( 'getallheaders' )) {
            $headers = array();
            foreach(getallheaders() as $name => $value)
            {
                $headers[$name] = $value;
            }
        } else {
            $headers = [];
            $headers['Content-Length'] = @$_SERVER['CONTENT_LENGTH'];
            $headers['x-file-id'] = @$_SERVER['HTTP_X_FILE_ID'];
            $headers['x-file-name'] = @$_SERVER['HTTP_X_FILE_NAME'];
            $headers['x-file-resume'] = @$_SERVER['HTTP_X_FILE_RESUME'];
            $headers['x-file-size'] = @$_SERVER['HTTP_X_FILE_SIZE'];
        }

        return $headers;
    }
}

it's getting the headers from the $_SERVER variable correctly, but getallheaders() is returning them in lowercase.

I have added those changes to next version.

thx

You also need to add an option to strip chars out of filenames. I just uploaded a file with a filename of O'C.mp3 it was allowed to upload and then causes the player not to show up.

That could be very bad.

What is the error in console if player fails?

Sorry for the late reply.

Consol reads - Uncaught SyntaxError: Unexpected identifier

index.php?option=com_cobalt&view=records&section_id=1&Itemid=235:1816

File name was - MarkO'Bryan.mp3

Player also needs to be switched out to standard HTML5 audio player. Not only is the JW player too expensive for commercial license it is VERY slow when loading 20 players on the screen. In a previous article I use another player mediaelement.js and every was much faster. Since then HTML by default has aplayer and that should be used.

Please dont wait until CO9 for these to change. They should be able to be modified in this field very easy.