Support

Akeeba Ticket System

#42046 Archives containing php files not accepted

Posted in ‘Akeeba Ticket System for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
5.3.1
PHP version
8.1
Akeeba Ticket System version
5.3.6

Latest post by nicholas on Thursday, 26 June 2025 05:38 CDT

Wednesday, 25 June 2025 06:44 CDT

peterader

Hi,

I have an issue when somebody is attaching an archive to a ticket, which contains php files it's being ignored. I traced it down to this. Zip files that contain xml and txt files are working fine. As soon as there is a php file inside it's not attached (no error, no message).

I also have Admin tools installed. Is there anything that would scan the uploaded file for the php files and then reject/ignore it? Can I change this in a configuration? I would appreciate if you can point me in the right direction as I can't find such a setting anywhere.

Thank you!

Wednesday, 25 June 2025 07:30 CDT

nicholas

While Admin Tools used to have a feature UploadShield, we had contributed that to Joomla itself a long time ago. We removed UploadShield from Admin Tools since ersion 7.0. Therefore, the upload is being rejected by Joomla itself, not Admin Tools. 

If you really want to throw caution to the wind and allow users to upload ZIP files with PHP files, as well as any other kind of file, go to ATS' Options page, Attachments tab, and set "Allow unsafe uploads" to Yes. This tells Joomla to not execute any of its checks: content, extension, and MIME type.

There is no more fine-grained control over this, as Joomla does not actually offer such a feature. It only allows developers to turn any and all checks on or off, not pick and choose what to disable.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 26 June 2025 01:08 CDT

peterader

Thank you Nicholas. I appreciate your detailed and helpful explanation.

I have tried to enable unsafe uploads but I'm afraid it's still the same. Once an archive contains a single php file it's ignored. Is it possible that Joomla doesn't allow anymore that this check is turned off?

Thursday, 26 June 2025 05:38 CDT

nicholas

Ah, you're right. The code is in Joomla\CMS\Filesystem\File::upload.

Here's the thing. Supposedly, the Joomla\CMS\Filesystem\File::upload method is deprecated in Joomla 5 and will(?) be removed in Joomla 6 – at least according to the code comments. The next version of ATS will replace it with Joomla\Filesystem\File::upload which does not check the ZIP file contents, so this will no longer be an issue.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!