Support

Akeeba Ticket System

#24534 Cannot upload Attachment

Posted in ‘Akeeba Ticket System for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Ticket System version
n/a

Latest post by sdmarshall73 on Wednesday, 02 March 2016 10:22 CST

sdmarshall73
 I haven't been able to upload any attachments in the Ticket System since recently. Neither have my clients. This applies to all file types. I think this happened after updating to the latest version. I had version 1.6.1 installed previously.

I've checked all the options in Media Manager and they all seem ok and I've disabled Mime Type check. I can't shake the feeling that I'm missing something really simple but I've been on it for a couple of days now.

Any further insights?

nicholas
Akeeba Staff
Manager
ATS works fine as can be attested by the attachments we receive every day in our clients' tickets.

First check that file uploads work on your host at all. You can try uploading a few images using Joomla!'s Media Manager. If this does not work that's your problem and you need to contact your host: most likely the temporary path for PHP uploads is set incorrectly in php.ini.

If you could upload with Joomla!'s Media Manager you need to check your Media Manager settings. Perhaps you are limiting uploads by MIME type but you have not whitelisted the file extensions / MIME types?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

sdmarshall73
I've played around with this a little and the issue seems to be with just zip files. As I've mentioned before, I have disabled MIME Type check and I have now disabled Restrict Uploads for lower than manager. I have been able to attach images and txt files.

I originally thought image files were a problem because a couple users had complained that they have not been able to attach images but that seems to be working fine when I tested it so I'm not sure what's up with that.

Can you just confirm that you're able to attach zip files in the Ticket System? I used to be able to do that before and I've tested this on two completely different servers with the same results. It doesn't give any error messages or anything, it just posts the reply without attachments. If you attach multiple files with different mime types, as long as a zip file is included none of the files get sent.

EDIT:
Also I can upload zip files using ARS on both servers so I doubt there are any server restrictions there.

sdmarshall73
Ok I'm just testing sending this harmless zip file on your system to see if it works. Hope you don't mind.

sdmarshall73
Yup it worked..ok back to the drawing board.

nicholas
Akeeba Staff
Manager
I told you :) Before replying I went through the code to make sure we're not doing anything funky. Nope. We are just using Joomla!'s upload features.

There is something you should be aware of. Joomla! 3.4.1 and later come with an automatic upload scanner which will deny uploads if they seem to contain PHP code. The code detects "<?", "<?php" and ".php" to determine that. If you are trying to upload an image with EXIF data that contain any of these the strings then the upload will be rejected. Moreover, if you are using double extensions like foo.jpg.php or try to upload a PHP file it will also be rejected. This is a security feature of Joomla! and cannot be turned off.

Apart from that, go to /administrator/index.php?option=com_config&view=component&component=com_media on your site and configure the uploads restrictions there. Just to make sure if this is what restricts your uploads try setting Restrict Uploads and Check MIME Types to No.

Do remember that PHP has restrictions on the maximum upload size and the maximum POST request size. By default, these are 2Mb. Trying to upload anything bigger will fail. Some hosts set them even lower. I've even seen them being as low as 64Kb. Try uploading a tiny text file first. If that works, contact your host.

If uploads fail even when you turn off these features then your server's upload is FUBAR. Go to System, System Information. Under PHP Settings make sure that File Uploads is set to On. Under PHP Information you will find several useful information:
max_file_uploads is how many files can be uploaded. Must be at least 1. The default PHP value (20) is ideal.
upload_max_filesize is the maximum uploaded file size. Make sure it's big enough.
post_max_size is the maximum size of a POST request. Must be equal or greater than upload_max_filesize.
upload_tmp_dir is where the uploads are temporarily stored. This MUST be writeable by PHP. If unsure, contact your host.
If any of these values pose a problem to you, contact your host. These are PHP configuration values. The process of modifying them varies by host. Some hosts require you to have them do it for you, others let you use a .user.ini (dot user dot ini) file in your site's root with the custom values. Other hosts tell you to do that through their control panel. It's a crap shoot so just ask your host.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

sdmarshall73
Aha! It seems that the new Joomla! upload security feature is the culprit. I zipped a php file and tried it and it didn't work. I then changed the same file to a text file and removed the "<?php " part and zipped it and it worked. I wasn't aware of this so thanks for the heads up.

This is a little annoying but I guess that's the price you pay for security. This doesn't affect the files I upload to Akeeba Release System though, I'm not sure why.

I generally just send updated versions of my plugin to users in the ticket if they find a bug or something not working. That way they can feedback if it works ok so I can include the changes in an official release. Guess I'll just have to do what you do and make these updates available in the Developer releases section in ARS.

nicholas
Akeeba Staff
Manager
The Joomla! security feature can be turned off by developers, on a field by field basis.

Akeeba Release System only allows uploads from authenticated users with an Administrator or Super User privilege. These are people who, by definition, you trust with your site. Therefore it makes sense for me to disable the upload scanning for ARS.

Akeeba Ticket System, on the other hand, allows by definition untrusted third parties to upload stuff to your site through the front-end. At best they will be registered users, i.e. you have verified their email. At worst they will be total strangers who are performing a drive-by attack. Therefore it makes sense to leave the upload scanning turned on.

And yes, if your goal is to provide your users with a dev release that fixes a bug they have reported it makes much more sense using BleedingEdge categories in ARS. This works much better as it allows other people who come across the (public) ticket to download and test the same dev release. With an ATS attachment they wouldn't be able to do that since the default setting is Private Attachments, i.e. only you and the ticket owner can see the attachments.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

sdmarshall73
Aah got you. Ok I'll just do that.

I wish Joomla! had provided some feedback or message as to why the uploads didn't work though. At least then I would've known right off the bat what was happening.

Anyhow thanks for the timely and useful responses.

Regards.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!