Validate Attachment

santoshreddy_spy · Post by **santoshreddy_spy** » 29 May 2012, 09:13

Hi Everyone,
How can I block some of the file type during attachment (eg .exe, .bin). Before attachment I want to validate the type of file.

Thanks & Regards,

santoshreddy_spy · Post by **santoshreddy_spy** » 31 May 2012, 10:04

I added a script /opt/otrs/Kernel/System/Web/UploadCache/DB.pm before uploading file to Web_Upload_Cache table.
if($Param{ContentType} eq "application/octet-stream")
{
return;
}
How can i throw customized error eg(Invalid file)

stormfox · Post by **stormfox** » 26 Jun 2012, 15:49

Hi,

I just read your email and was wondering if you managed to fix this issue?
Right now we are having the same issue that dangerous attachments are not blocked.

I managed to create a temporary fix which involvens a shell script that runs by a cronjob
and searches the OTRS attachement directory for file extensions like .exe and deletes them.
But this does not prevent the actual upload.

Kinds regards,

Rikwin
LBi

santoshreddy_spy · Post by **santoshreddy_spy** » 27 Jun 2012, 06:28

Please see my previous response.

edit file /opt/otrs/Kernel/System/Web/UploadCache/DB.pm before uploading file to Web_Upload_Cache table.
if($Param{ContentType} eq "application/octet-stream")
{
return;
}

It returns nothing an stops uploading exe file, but I am unable to throw a error.

ZzynxX · Post by **ZzynxX** » 14 May 2013, 03:48

hye santos,
can you be more specific on which line should i put this code?
as I'm not getting anywhere. I don't know where when you mean by before uploading file to web_upload_cache table.
and perl is not my mothertongue.
and by you mean stop uploading, is it when we press submit or when we select the file?

santoshreddy_spy · Post by **santoshreddy_spy** » 14 May 2013, 06:48

ZzynxX wrote:hye santos,
can you be more specific on which line should i put this code?
as I'm not getting anywhere. I don't know where when you mean by before uploading file to web_upload_cache table.
and perl is not my mothertongue.
and by you mean stop uploading, is it when we press submit or when we select the file?

edit file /opt/otrs/Kernel/System/Web/UploadCache/DB.pm
if ($Param{Filename} =~ /\.exe$/i)
{
return;
}
if ($Param{Filename} =~ /\.dll$/i)
{
return;
}
if ($Param{Filename} =~ /\.dat$/i)
{
return;
}
if ($Param{Filename} =~ /\.bat$/i)
{
return;
}
if($Param{ContentType} eq "application/octet-stream")
{
return;
}
# write attachment to db
my $Time = time();
return if !$Self->{DBObject}->Do(
SQL => 'INSERT INTO web_upload_cache '
. ' (form_id, filename, content_type, content_size, content, create_time_unix,'. ' content_id)'
. ' VALUES (?, ?, ?, ?, ?, ?, ?)',
Bind => [\$Param{FormID}, \$Param{Filename}, \$Param{ContentType}, \$Param{Filesize}, \$Param{Content}, \$Time, \$ContentID],
);
return 1;
}

Znuny and ((OTRS)) Community Edition

Validate Attachment

Validate Attachment

Re: Validate Attachment

Re: Validate Attachment

Re: Validate Attachment

Re: Validate Attachment

Re: Validate Attachment