Post by RuslanBrest » Wed Jan 07, 2015 5:58 am

Where: Opencart 2.0.1.1, admin backend, `catalog/download/add`

There is 3 security check (file extension, mime type, and "<?php" inside the file). The last one fails uploading safe zip files. You can check this - try to make downloadable "opencart-2.0.1.1.zip" in fresh oc2011 install.

I have found that zip includes short PHP files into archive as is, without packing.
The "opencart-2.0.1.1.zip" contains lot of "<?php" inside it - it have several short language files (1-3 lines length).

Tried to zip with maximum compresion level (zip -9) - no luck. Default is "-6".

Any ideas on how to solve the problem without removing such security check?

OCJ: OpencartJazz.com
http://rb.labtodo.com/category/opencart (lang: ru)


New member

Posts

Joined
Sat Nov 12, 2011 3:19 pm

Who is online

Users browsing this forum: No registered users and 9 guests