PDA

View Full Version : Zip Attachments


Jafo232
11-15-2005, 10:00 PM
This extension allows your users to decide if they want an attachment to be zipped up upon upload. The file(s) are zipped before VB checks the size limit. It always annoyed me when I have to post a text document and it is too big for that extension setting. Zipping a text file greatly reduces the size.

This extension should also save space in your attachments database as all new files will be compressed with the zip method.

Installation is simple:

1. Upload the zip.lib.php file to your forums directory.

2. Upload the xml file as a plugin.

3. Tiny edit to template newattachment.

4. Click Install

I will support here as I have time.

This modification is FREE of charge, but if you wish to reward me for my work, and encourage future modifications by me, please donate below:

https://vborg.vbsupport.ru/external/2010/02/12.gif (https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=sales%40worldwidecreations%2ecom&item_name=Hack_Donation&item_number=zip_att&no_shipping=2&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8)

Benj
11-16-2005, 02:34 PM
cooool

Jafo232
11-16-2005, 02:43 PM
Actually, sorry, uploaded the incomplete xml file, please redownload..

Oblivion Knight
11-16-2005, 02:47 PM
This also beats adding a load of additional attachment extensions manually. Although of course, this could also potentially be a huge security risk.. No more so than .zip files being allowed in the first place though!

Shack Networks
11-16-2005, 03:20 PM
Does just what it says on the tin...

/me clicks install

silurius
11-16-2005, 03:38 PM
This also beats adding a load of additional attachment extensions manually. Although of course, this could also potentially be a huge security risk.. No more so than .zip files being allowed in the first place though!

Could you please explain this .zip risk to a security dunderhead such as myself? Might be a good thing to mention up in the extension overview.

Jafo232
11-16-2005, 03:40 PM
Could you please explain this .zip risk to a security dunderhead such as myself? Might be a good thing to mention up in the extension overview.

There really isn't one. Your users currently have the right to upload zip files I assume? If so, there really is no difference.

Rich
11-16-2005, 03:47 PM
Hello,

A risk would be a member uploading an executable file type in zip format. When opened, all hell could break loose on unsuspecting users. I personally have .zip files as an attachment type that is not allowed for this very reason.

I think the concept of this modification is great for users that already allow the .zip extension as a valid upload type.

I am not sure if it is possible, but it would be great if there were a way to have uploaded zip files scanned for viruses in the same manner that varying email apps do. I know this is probably very difficult to do, but it would be very nice. lol

Jafo232
11-16-2005, 03:51 PM
Actually I am working on that right now.. This thread gave me the idea. I do it for another application of mine, I am sure I can fit it in pretty quick.

Cyricx
11-16-2005, 04:23 PM
Maybe just add a template modification in the attachments section with like a warning reminding users to always scan zip files before opening?

FleaBag
11-16-2005, 04:51 PM
Yeah this is nice!

puertoblack2003
11-16-2005, 05:14 PM
love it ******INSTALLED**********

Snake
11-16-2005, 06:25 PM
Nice!

theArchitect
11-16-2005, 08:22 PM
There really isn't one. Your users currently have the right to upload zip files I assume? If so, there really is no difference.

You are correct that this hack is not a security risk as most forums will allow the uploading of .zip files.

I think that OK was saying was that .zip files in general can be a security risk. Just as when you get a virus e-mail with a .zip file in it and the recipient thinks, "what is in the .zip file". They open it and hey presto a virus leaps out at them.

akanevsky
11-16-2005, 10:29 PM
Where did you get this version of zip.lib.php from?

Jafo232
11-16-2005, 11:59 PM
Where did you get this version of zip.lib.php from?

http://www.weberdev.com/get_example-4066.html

akanevsky
11-17-2005, 12:27 AM
http://www.weberdev.com/get_example-4066.html

Thanks :)

silurius
11-17-2005, 12:44 AM
Based on what I am reading in this thread, my assumption is that this hack does not actually look at the file types being uploaded prior to zipping them up into an archive? Even if this is true it's still a great hack.

I still think some overview of general .zip security considerations may be in order, even if this particular hack doesn't fundamentally alter anything.

Jafo232
11-17-2005, 04:39 AM
Based on what I am reading in this thread, my assumption is that this hack does not actually look at the file types being uploaded prior to zipping them up into an archive? Even if this is true it's still a great hack.

I still think some overview of general .zip security considerations may be in order, even if this particular hack doesn't fundamentally alter anything.

That may be the case, but unless your unzip utility is a trojan, unzipping files will not cause you to be infected.

If you already allow the zip extension, then this extension is for you, otherwise, wait until I release the version that scans files for virii..

Jafo232
11-17-2005, 04:43 AM
Based on what I am reading in this thread, my assumption is that this hack does not actually look at the file types being uploaded prior to zipping them up into an archive?

The unmodified version of XB does not check file types IN a zip file, but yet accepts them.

PixelFx
11-17-2005, 04:55 AM
The unmodified version of XB does not check file types IN a zip file, but yet accepts them.

nice idea, .. now if you could get files to zip on download ? ;)

accually thanks very much for taking the time to make something like this :D

MrNase
11-17-2005, 09:48 AM
Do I get this right, this plugin just zips all files no matter if the user is even allowed to upload this filetype?

So when he uploads a pdf which I forbid he doesn't get an error message and the file gets uploaded?

theArchitect
11-17-2005, 12:46 PM
Do I get this right, this plugin just zips all files no matter if the user is even allowed to upload this filetype?

So when he uploads a pdf which I forbid he doesn't get an error message and the file gets uploaded?

It would seem to be so.

akanevsky
11-17-2005, 06:06 PM
The problem could be easily fixed by performing ZIP [AFTER] the vB file checks, rather than within it. :)

Jafo232
11-18-2005, 01:02 AM
The problem could be easily fixed by performing ZIP [AFTER] the vB file checks, rather than within it. :)

In the end, if you allow zip attachments before this hack, there really is no difference by adding this hack.

Jafo232
11-18-2005, 03:13 PM
If you want to scan files for viruses before they are zipped up, you may be able to use this extension I wrote:

https://vborg.vbsupport.ru/showthread.php?p=824668

yahoooh
10-29-2007, 09:02 AM
any update for 3.6.8