Product Add-ons Limit Upload Size & Only Allow Certain Filetype Extensions
With the Product Add-ons extension there is an extreme security flaw: not being able to specify which filetype extensions are allowed as uploads. Also, setting up a max upload size would be beneficial. Currently its default upload size is whatever is specified in the php.ini. So if someone is unable to change that or needs it to have a 100 MB upload limit for personal uploads, then the customers or hackers can flood your server with large files as well as any filetype they want!
This should be a high priority as it is a very popular extension!
Hi everybody, is there any update about this issue?
It seems it has not yet been fixed, notwithstanding that it's a very delicate flaw!
Kindly let me know,
I just tried to upload a PHP file to my system and was prevented. Seems this request should be closed?
Tom Burton commented
I agree completely, these are essential components of a file upload field. Using an uploader widget instead of a basic file upload field would be another worthwhile improvement, along with Admin options to resize images upon upload.
Here is a picture example http://support.woothemes.com/attachments/token/JMn8FxTmxUfV5hPepvWqkJ5b1/?name=example1.JPG
This image shows what it looks like currently but needs to change! Even if it's just the CSS to change it to make it look like you can't upload certain types and size then that would be better than nothing.