Author Topic: Backend uploads require upload directory within JPATH_ROOT  (Read 293 times)

Offline dr236

  • Newbie
  • Posts: 5
(Not sure if a bug.) It looks like jd's "Upload Files" via the backend requires that the upload directory lives within JPATH_ROOT, due to the call
  $targetDirCleaned  = JPath::check($targetDirWithSep);
within administrator/components/com_jdownloads/controllers/uploads.php:upload.

But this isn't checked for when the upload directory is configured in jd's "Upload directory path". Also the "auto discovery" of new files manually uploaded to the jdownloads upload area, and the front-end upload procedure do not check for this.

Could I suggest this check isn't done, as there are good reasons to have the upload directory outside of JPATH_ROOT.


Offline ColinM

  • Moderator
  • Posts: 3.477
Think you are right but need to check with Arno. JPath::check($targetDirWithSep); will clean up the path if possible and also check that the path is in the scope of the Joomla root.

Using JPath::clean just cleans up the directory string if possible. So maybe

  $targetDirCleaned  = JPath::clean($targetDirWithSep);
would be OK.

But maybe there is a specific reason for the 'check' function because of the use of Plupload.
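
Added example (not part of the thread, and not jDownloads or Joomla code): if the JPATH_ROOT check is replaced by a plain clean, containment can still be enforced against the configured upload directory instead. The function name resolveUploadTarget and the assumption that the target directory is supplied relative to the configured upload root are hypothetical.

```php
<?php
// Added example: hypothetical helper, not jDownloads or Joomla code.
// Confines an upload target to the configured upload root rather than JPATH_ROOT.
function resolveUploadTarget(string $uploadRoot, string $relativeDir): string
{
    // The configured root must already exist; realpath() also resolves symlinks.
    $root = realpath($uploadRoot);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException('Upload root does not exist');
    }
    // Normalise separators, then reject NUL bytes and any ".." segment.
    $relative = str_replace('\\', '/', $relativeDir);
    if (strpos($relative, "\0") !== false) {
        throw new RuntimeException('Invalid character in path');
    }
    $segments = array_filter(explode('/', $relative), function ($s) {
        return $s !== '' && $s !== '.';
    });
    if (in_array('..', $segments, true)) {
        throw new RuntimeException('Relative path segments are not permitted');
    }
    $target = $root . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $segments);
    // When the target already exists, resolve symlinks before the containment test.
    // A target that does not exist yet is only checked lexically here.
    $resolved = realpath($target);
    if ($resolved !== false) {
        $target = $resolved;
    }
    // Compare with a trailing separator so /srv/uploads-old never matches /srv/uploads.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $root && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('Target is outside the upload root');
    }
    return $target;
}

// Constructed demo: a temporary directory stands in for an upload root
// that lives outside the web root.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'jd_upload_demo';
@mkdir($root . DIRECTORY_SEPARATOR . 'docs', 0700, true);
foreach (['docs', 'docs/../../etc', 'new/sub'] as $candidate) {
    try {
        echo $candidate, ' -> ', resolveUploadTarget($root, $candidate), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $candidate, ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```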