Added "Disable Safety Check" option to upload element, to allow skipp…

…ing of JFile::isSafeFile() checking in JFile::upload(), which prevents uploading of (for example) ZIP's with PHP files in them.

plugins/fabrik_element/fileupload/adaptors/filesystemstorage.php

@@ -221,7 +221,10 @@ public function upload($tmpFile, $filepath)
 	{
 		$this->uploadedFilePath = $filepath;
 
-		if (JFile::upload($tmpFile, $filepath))
+		$params = $this->getParams();
+		$allowUnsafe = $params->get('allow_unsafe', '0') === '1';
+
+		if (JFile::upload($tmpFile, $filepath, false, $allowUnsafe))
 		{
 			return $this->createIndexFile(dirname($filepath));
 		}

plugins/fabrik_element/fileupload/fileupload.php

@@ -1853,7 +1853,6 @@ protected function _processIndUpload(&$file, $myFileDir = '', $repeatGroupCounte
 		if (!$storage->upload($tmpFile, $filePath))
 		{
 			$uploader->moveError = true;
-			$this->setError(100, JText::sprintf('PLG_ELEMENT_FILEUPLOAD_UPLOAD_ERR', $tmpFile, $filePath));
 
 			return;
 		}
@@ -2481,7 +2480,6 @@ protected function plupload($str, $repeatCounter, $values)
 	public function onAjax_upload()
 	{
 		$input = $this->app->input;
-		$this->loadMeForAjax();
 
 		/*
 		 * Got this warning on fabrikar.com - not sure why set testing with errors off:
@@ -2527,6 +2525,15 @@ public function onAjax_upload()
 				'size' => $_FILES['file']['size']
 			);
 			$filePath = $this->_processIndUpload($file, '', 0);
+
+			if (empty($filePath))
+			{
+				$o->error = FText::_('PLG_ELEMENT_FILEUPLOAD_UPLOAD_ERR');
+				echo json_encode($o);
+
+				return;
+			}
+
 			$uri = $this->getStorage()->pathToURL($filePath);
 			$o->filepath = $filePath;
 			$o->uri = $uri;

plugins/fabrik_element/fileupload/forms/fields.xml

@@ -109,6 +109,17 @@
 				<option value="1">JYES</option>
 			</field>
 
+
+			<field name="allow_unsafe"
+			       type="radio"
+			       class="btn-group"
+			       default="0"
+			       description="PLG_ELEMENT_FILEUPLOAD_ALLOW_UNSAFE_DESC"
+			       label="PLG_ELEMENT_FILEUPLOAD_ALLOW_UNSAFE_LABEL">
+				<option value="0">JNO</option>
+				<option value="1">JYES</option>
+			</field>
+
 		</fieldset>
 
 		<fieldset name="plg-fileupload-display"

plugins/fabrik_element/fileupload/language/en-GB/en-GB.plg_fabrik_element_fileupload.ini

@@ -190,7 +190,8 @@ PLG_ELEMENT_FILEUPLOAD_SIZE="Size"
 PLG_ELEMENT_FILEUPLOAD_START_UPLOAD="Start upload"
 PLG_ELEMENT_FILEUPLOAD_STATUS="Status"
 PLG_ELEMENT_FILEUPLOAD_UPLOAD_ALL_FILES="Please ensure you have uploaded all files before submitting the form"
-PLG_ELEMENT_FILEUPLOAD_UPLOAD_ERR="Error. Unable to upload file (from %s to %s)"
+PLG_ELEMENT_FILEUPLOAD_UPLOAD_ERR="Error. Unable to upload file."
 PLG_ELEMENT_FILEUPLOAD_INDEX_FILE_CONTENT="Nothing to see here.  Move along.  This file was created by Fabrik.  If it is appearing in an unexpected location, the site admin should check the configuration of any file upload elements on Fabrik forms, to ensure that an upload path has been set correctly."
 PLG_ELEMENT_FILEUPLOAD_INSTALL_ALL_VIDEOS="To display this media files types you need to install the all videos plugin - http://www.joomlaworks.gr/content/view/35/41/"
-
+PLG_ELEMENT_FILEUPLOAD_ALLOW_UNSAFE_DESC="Setting this to Yes will bypass Joomla's isSafeFile() checking, which checks for suspicious naming and potential PHP contents which could indicate a hacking attempt.  Only enable this option if you are absolutely sure you need to, for instance if you need to upload ZIP files containing PHP, and that your form is suitably secure from non-authorized users."
+PLG_ELEMENT_FILEUPLOAD_ALLOW_UNSAFE_LABEL="Disable Safety Check"