Pdf File Upload In Joomla Extensions
OSDownloads and Joomla PDFs. OSDownloads is the easiest way to add downloads to Joomla. OSDownloads gives you a flexible and reliable Joomla downloads directory that you can use to store PDFs. If you have a lot of PDFs and other files, OSDownloads is a good place to start. If you'd like a full guide to OSDownloads, click this link.
Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upHave a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
commented May 17, 2017 • edited by joomla-cms-bot
edited by joomla-cms-bot
Placeholder issue to catch trending issues with Joomla 3.7.1 & incoming reports with regards to uploading issues due to new mime checks If you are having an issue with PDFs (And other files) not uploading in Joomla 3.7.1 DONT start a new issue, post here, Please provide a FULL file of your system information from the system information page of Joomla admin (Download as text)
|
added the No Code Attached Yet label May 17, 2017
commented May 17, 2017 • edited
edited
PHP 7.0.1/Joomla 3.7.1 |
commented May 17, 2017
Please check the allowed mine types as we now force to check on that. |
commented May 17, 2017
I have application/pdf listed in the allowed MIME types. I could upload pdfs just fine before I upgraded to 7.1 |
commented May 17, 2017
please try your file against this checker: http://mime.ritey.com/ and told us the result. |
commented May 17, 2017
File results The MIME type for your file is: application/pdf |
commented May 17, 2017
Do you not get that error when you try to upload pdfs zero? |

commented May 17, 2017
I cannot replicate the problem, I can upload PDF's with Joomla 3.7.1 (out of the box install) @freshlookweb Please provide a FULL file of your system information from the system information page of Joomla admin (Download as text) - and what is the full content of the Legal MIME Types box on this page on your site /administrator/index.php?option=com_config&view=component&component=com_media |
commented May 17, 2017
Having same issue with pdf files - checked all the settings ...only way i was able to get it to upload a pdf through Media Manager was Joomla was updated this morning and issue started. This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16086. |
commented May 17, 2017
@tpaljr63 Please provide a FULL file of your system information from the system information page of Joomla admin (Download as text) |
commented May 17, 2017
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16086. |
commented May 17, 2017
Please add |
commented May 17, 2017
As a test, and then report back here if that works for you :) |
commented May 17, 2017
Removed the pdf from ignored extensions - added application/octet-stream - tested uploading a pdf through Media Manager - Success! This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16086. |
commented May 17, 2017
@tpaljr63 please try your file against this checker: http://mime.ritey.com/ and tell us the result. |
commented May 17, 2017
File results |
commented May 17, 2017
ok found the problem. it is about the ordering of the options to check. We should first check here: https://github.com/joomla/joomla-cms/blob/staging/libraries/cms/helper/media.php#L81 and than the other. Or implement some kind of checks for I can do a PR when i'm back at home. |
commented May 17, 2017
Questions: Why would adding the 'application/octet-stream' to Legal MIME Types affect pdf upload in Media Manager since 'application/pdf' was allowed already and is there a Security Risk adding 'application/octet-stream' to the Legal MIME Types? This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16086. |
commented May 17, 2017
Thanks Zero and Phil This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16086. |
commented May 17, 2017
@tpaljr63 actually is not Joomla but the server (apache I guess) that is missing some vital info (mimes): http://stackoverflow.com/questions/13847234/apache2-server-mime-types |
commented May 17, 2017
saddly not http://php.net/manual/en/function.exif-imagetype.php can only detect image mimes. So it fails on PDF files or similiar and return the |
commented May 17, 2017
Sorry for my ignorance...what is the solution? Do I have to addapplication/octet-stream to all my websites or will there be a Joomlaupdate to fix this?Eric SchusterFresh Look Web Design757.646.7908eric.schuster@freshlookwebdesign.comwww.freshlookwebdesign.com …On Wed, May 17, 2017 at 1:11 PM, zero-24 ***@***.***> wrote: actually is not Joomla but the server (apache I guess) that is missing some vital info (mimes): saddly not http://php.net/manual/en/function.exif-imagetype.php can only detect image mimes. So it fails on PDF files or similiar and return the application/octet-stream. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#16086 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AbbZy5RaIMu19b23YnyLNUa24lOQnM-Rks5r6ypCgaJpZM4NeCo2> . |
commented May 17, 2017
This will be looked at, and then a Pull Request made to fix this behaviour, and that, if tested, will make it into Joomla 3.7.2 |
commented May 17, 2017
Thanks guys. With this bug, is it wise for me to delay upgrading all 60+ ofmy websites to 7.1? Could I just wait for 3.7.2?Eric SchusterFresh Look Web Design757.646.7908eric.schuster@freshlookwebdesign.comwww.freshlookwebdesign.com …On Wed, May 17, 2017 at 2:20 PM, Phil Taylor ***@***.***> wrote: This will be looked at, and then a Pull Request made to fix this behaviour, and that, if tested, will make it into Joomla 3.7.2 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#16086 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AbbZy55ygInU3spl-0E7mXDNqNYA-od0ks5r6zp_gaJpZM4NeCo2> . |
commented May 17, 2017
Hell no. You should have already upgraded ALL your site to Joomla 3.7.1 - it is a CRITICAL security release! |
commented May 17, 2017
If you can risk getting hacked, feel free to delay upgrading to 3.7.1 |
commented May 17, 2017
Please check: #16091 and sorry for any inconvenience |
commented May 17, 2017 • edited
edited
I would have said leave this open a day - so that we dont get a million and one issues all created - thats the point of starting a placeholder issue to gather everyones attention and prevent duplicates... Its proven people dont search... |
commented May 17, 2017
What just helped me with other uploads after 3.7.1.: Administrator > Content > Media > Options > Check MIME Types > No |
commented May 17, 2017
@PetrCo Well lets hope you have VERY trusted users then. We would never recommend running such a setting, use at your own risk |
commented May 17, 2017
Sure you disable all security checks but it woud help if you could check the patch. At #16091 that should fix the issue. Thanks |
commented May 17, 2017
THANKS! |
commented May 17, 2017
Did you tested the Patch? What was the result? |
commented May 17, 2017 • edited
edited
No, I did not, too complex for me, I am afraid. Just thank you for explaining that my 'fix' is dangerous. :-) Switching Check MIME Types > Yes. Cannot wait for new update. |
commented May 17, 2017 • edited
edited
Got it, switching back to Yes :-) |
Upload Pdf File To Website
commented May 17, 2017
I just tested the patch (3files in #16091), and I can confirm a successful upload (jpg, png, pdf). |
commented May 18, 2017
Set to 'closed' on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/16086 |
commented May 18, 2017
closed as having PR #16091 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16086. |
commented May 26, 2017
I am stil having issues with this. Have updated to 3.72 running php 7.0.15. |
commented May 26, 2017
@OrignlCin see #16238 |
commented Apr 4, 2018
Oke, now we are more then a year further in time, and still this problem is there. I have Joomla! 3.8.6 and can't upload a PDF. I have added application/octet-stream and even set the check mimetype to NO, but still the media manager keeps saying that it's a wrong image. Is there another solution? |
commented Jun 21, 2018
I have arrived here with the same problem, I can confirm @edthenet s assertion that adding application/octet-stream doesn't solve the issue. |
commented Jul 3, 2018 • edited
edited
I have no idea how the Joomla developers consider this CLOSED. But I can tell you a workaround acceptable to some non-technical content contributors: If you use JCE, you can use the LINK editor function, which allows you to browse and upload a PDF to the very same area that was determined 'illegal'. Go figure. Hopefully they won't take this away. :D |
commented Jul 3, 2018
This was closed as there is nothing else to fix in Joomla. Check the mime type of the file you are uploading with the tool at http://mime.ritey.com/ - then decide if you are happy to whitelist that mime type, and if you are then whitelist it. Simple. Out of the box the Joomla filter is set up to be secure. But its your site, so if you want to change the settings you can. No one is stopping you! If, as you say, JCE Editor allows uploads were Joomla doesnt, this doesnt mean Joomla is wrong, what it probably means is Joomla is more secure, and JCE is not respecting your configured MIME Types - thus is probably less secure and allowing of uploads of insecure PDF files. |
commented Jul 3, 2018
Of course if your file doesnt have the mime type of application/octet-stream then that is correct - adding application/octet-stream will not solve your issue. PDF's are notorious for being badly created by all kinds of apps. Although the P D F Format is well documented, it has many many different implementations, and PDF's can generate a lot of different mime types, from application/octet-stream to application/pdf to Unknown. Furthermore if your server doesnt correctly determine the mime type then it can also fail to validate the mime type. This can happen if you have disabled functions in php, or not included all the required PHP extensions required for correct mime identification. Check your PDF files with http://mime.ritey.com/ and see the different results. Then check your server meets the requirements of Joomla. |
commented Jul 3, 2018
There is more technical discussion here #16238 |
commented Jul 3, 2018 • edited
edited
yes as you said there is the topic of
but the problem of @uglyeoin and @goforitweb
Uploaded files are always treated as text even if they are binary etc The larger the file is the bigger chance you have a having a false positive and JCE runs with $allow_unsafe = true Relevant issues zips are not uncompressed but still they are scanned as text files |
commented Jul 3, 2018 • edited
edited
“This was closed as there is nothing else to fix in Joomla.” -- @PhilETaylor I respectfully disagree. An application developer's job is to provide a solution – whether it be Media Manager or something else – as a means of uploading PDFs … unless you are saying that you are completely against PDFs being on a website at all. And if that’s the case, SAY IT! And while you're at it - tell people what content contributors should use as a document object/method instead. You're not leaving us with a solution or guidance. The threads here a read by few, and it's way down in the weeds. Obviously JCE goes around Joomla’s methods because people wanted a way, and Joomla wanted us to be safe. While it may not be ideal, and may be true, JCE is a lot closer to a user-friendly method. |
commented Jul 3, 2018
Nobody's saying that. What is being said is that Joomla must be explicitly configured to support PDF uploads for various reasons and that we are not enabling this out-of-the-box. Extensions may be bypassing the Joomla upload checks, which is fine if they are doing their own checks. That's all it boils down to. The absolute safest file upload method is to send the file to an authorized individual to perform a rudimentary virus scan and FTP upload. As a security measure, Joomla does not just arbitrarily allow any user to upload any file, there are checks in place to try and safely limit what kinds of files can be uploaded through the application since it cannot do an in-depth file scan like an offline scanner would to ensure you aren't uploading something malicious. |
commented Jul 3, 2018 • edited
edited
So I'm telling my non-technical content contributors (the clients!) to 'send the file to an authorized individual (me??) to perform a rudimentary virus scan and FTP upload?' Exactly how do I do that with a straight face? |
commented Jul 3, 2018
I said that's the safest, not that it would be the best option for everyone. File uploads are an inherent security risk in any application and if you're supporting them generally there should be explicit configuration about who can do them and what types of files are allowed (with appropriate server side checks before processing the upload). All I can do is say why we have our code set up in the way we do and why extensions which bypass those checks or other CMS' which don't make checks at all might be problematic down the road (not to say that any Joomla extension which bypasses the core upload processing is unsafe, they can be performing their own checks separately, I don't know the code of every extension and can't speak on it without proper audits). |
commented Jul 3, 2018 • edited
edited
I understand your point of view, i.e. of the developer. I really do. I used to be one many moons ago. :D But you also know that DropBox still has ~45% of the market share with its shoddy security despite losing masssive amounts to its competitors. I won't even mention WP. Oops! I think the happy medium here is to provide visible guidance (possibly in the Media Manager?) where content contributors learn and decide which route they want to take. Leaving it up to the front line support people to do the unenviable task of explaining the almost-unexplainable is Chicken $hit. We're your promoters! Why hang us? Show the right way. Design a real solution and then market the difference! |
commented Jul 4, 2018
I added one more solution #20968 |
Introduction
Did you know that you can embed PDF files in content just like you put flash and other media? Well, this plugin from Techjoomla does exactly that - it allows you to embed PDF files in your content.
You can load an external PDF file in your content very easily using this plugin.
1. Google Viewer Support: This feature is offered by Google Docs. With this you can embed PDF files in a web page. And, the pretty part is - you don't have to be upload PDF files to Google Docs, but those files need to be available online somewhere.
PDF.js Support: It is a community-driven Portable Document Format (PDF) viewer that is built with HTML5 and supported by Mozilla Labs. It is a general-purpose, web standards-based platform for parsing and rendering PDFs.
Editor button plugin for embedding PDF files quickly using PDF Embed plugin.
For our other extensions, visit our Techjoomla website.
PDF Embed
Uses Joomla! Update System
Write a review