No Filter and Size limit in Attachment

[conejoninja]

Hello There,
the function to send attachment like resumes etc...need a filter file, i received an exe file that was a virus, the best thing should be a customizable filter eg: txt,doc,pdf etc otherwise a fixed filter that block dangerous file like exe, vbs etc...
I did it my self for contact form, file contact.php on line 76, added this control:

if ($attachment['type'] == 'application/octet-stream') {
osc_add_flash_error_message( _m('Error Message')) ;
$this->redirectTo( osc_contact_url() );
}

Is not the best way to do a filter but i'm not a php programmer so...i do the best i can, anyway, the contact pubblisher form still continue to be dangerous, i tried to do the same thing but it's different.

Another fix is necessary, there is no limit for the file size to upload and sometime people send file over 20 MB consuming much band and slowing the site performance, so we need to have an option to limit the file size.

Thanks
Antonio

Original issue here : osclass/Osclass#594

[Tex70]

Hello Conejo, sorry but i don't understand, the attachment function is not in a plugin but it's an osclass function that is on page /oc-includes/phpmailer/class.phpmailer.php, if i'm in wrong then sorry, otherwise...

Thank you
Antonio

[conejoninja]

Hi Antonio,

The function itseld it's on the core of Osclass, but it should be left as it.

There's no point in filtering in the core of Osclass what type of files you could send over email, because Osclass by itself doesn't have that functionality. Also... what type of files do the admin should restrict to? A resume could be a pdf/doc but it's strange to see a resume in a .jpg format for example. Maybe you want to send jpg by email in other part of your website, but as I said, no-one send his/her resume in a .jpg

Osclass' core has the "generic" function, and plugins should use that function.

About the size limit you're right, we're working on it

[conejoninja]

Similar to this one osclass/plugin-jobs_attributes#3