Hi Everyone,
How can I block some of the file type during attachment (eg .exe, .bin). Before attachment I want to validate the type of file.
Thanks & Regards,
Validate Attachment
Moderator: crythias
-
- Znuny newbie
- Posts: 33
- Joined: 09 Nov 2011, 11:20
- Znuny Version: 2.4.4
-
- Znuny newbie
- Posts: 33
- Joined: 09 Nov 2011, 11:20
- Znuny Version: 2.4.4
Re: Validate Attachment
I added a script /opt/otrs/Kernel/System/Web/UploadCache/DB.pm before uploading file to Web_Upload_Cache table.
if($Param{ContentType} eq "application/octet-stream")
{
return;
}
How can i throw customized error eg(Invalid file)
if($Param{ContentType} eq "application/octet-stream")
{
return;
}
How can i throw customized error eg(Invalid file)
-
- Znuny newbie
- Posts: 4
- Joined: 24 Feb 2012, 21:53
- Znuny Version: 31100
- Real Name: Rikwin de Vos
- Company: LBi Netherlands
- Location: The Netherlands
- Contact:
Re: Validate Attachment
Hi,
I just read your email and was wondering if you managed to fix this issue?
Right now we are having the same issue that dangerous attachments are not blocked.
I managed to create a temporary fix which involvens a shell script that runs by a cronjob
and searches the OTRS attachement directory for file extensions like .exe and deletes them.
But this does not prevent the actual upload.
Kinds regards,
Rikwin
LBi
I just read your email and was wondering if you managed to fix this issue?
Right now we are having the same issue that dangerous attachments are not blocked.
I managed to create a temporary fix which involvens a shell script that runs by a cronjob
and searches the OTRS attachement directory for file extensions like .exe and deletes them.
But this does not prevent the actual upload.
Kinds regards,
Rikwin
LBi
-
- Znuny newbie
- Posts: 33
- Joined: 09 Nov 2011, 11:20
- Znuny Version: 2.4.4
Re: Validate Attachment
Please see my previous response.
edit file /opt/otrs/Kernel/System/Web/UploadCache/DB.pm before uploading file to Web_Upload_Cache table.
if($Param{ContentType} eq "application/octet-stream")
{
return;
}
It returns nothing an stops uploading exe file, but I am unable to throw a error.
edit file /opt/otrs/Kernel/System/Web/UploadCache/DB.pm before uploading file to Web_Upload_Cache table.
if($Param{ContentType} eq "application/octet-stream")
{
return;
}
It returns nothing an stops uploading exe file, but I am unable to throw a error.
-
- Znuny newbie
- Posts: 2
- Joined: 22 Mar 2013, 05:19
- Znuny Version: 3.2.3
- Real Name: Rahmat Naim
- Company: Research Management Centre, UTM
Re: Validate Attachment
hye santos,
can you be more specific on which line should i put this code?
as I'm not getting anywhere. I don't know where when you mean by before uploading file to web_upload_cache table.
and perl is not my mothertongue.
and by you mean stop uploading, is it when we press submit or when we select the file?
can you be more specific on which line should i put this code?
as I'm not getting anywhere. I don't know where when you mean by before uploading file to web_upload_cache table.
and perl is not my mothertongue.
and by you mean stop uploading, is it when we press submit or when we select the file?
-
- Znuny newbie
- Posts: 33
- Joined: 09 Nov 2011, 11:20
- Znuny Version: 2.4.4
Re: Validate Attachment
edit file /opt/otrs/Kernel/System/Web/UploadCache/DB.pmZzynxX wrote:hye santos,
can you be more specific on which line should i put this code?
as I'm not getting anywhere. I don't know where when you mean by before uploading file to web_upload_cache table.
and perl is not my mothertongue.
and by you mean stop uploading, is it when we press submit or when we select the file?
if ($Param{Filename} =~ /\.exe$/i)
{
return;
}
if ($Param{Filename} =~ /\.dll$/i)
{
return;
}
if ($Param{Filename} =~ /\.dat$/i)
{
return;
}
if ($Param{Filename} =~ /\.bat$/i)
{
return;
}
if($Param{ContentType} eq "application/octet-stream")
{
return;
}
# write attachment to db
my $Time = time();
return if !$Self->{DBObject}->Do(
SQL => 'INSERT INTO web_upload_cache '
. ' (form_id, filename, content_type, content_size, content, create_time_unix,'. ' content_id)'
. ' VALUES (?, ?, ?, ?, ?, ?, ?)',
Bind => [\$Param{FormID}, \$Param{Filename}, \$Param{ContentType}, \$Param{Filesize}, \$Param{Content}, \$Time, \$ContentID],
);
return 1;
}