![Demis [Fox-Labs]'s Avatar](https://secure.gravatar.com/avatar/30cdb3d88f2b8f0d7fdea0316b70342b?s=144&r=g&d=https%3A%2F%2Fwww.fox.ra.it%2Fimages%2Favatar-fox.png)
- Posts: 3856
- Thank you received: 515
Attachments / Upload button
20 Jun 2013 00:08 - 06 Sep 2019 14:10 #1
by Demis [Fox-Labs]
Attachments / Upload button was created by Demis [Fox-Labs]
The Upload function should work on every server, regardless of php values such as upload_max_filesize, post_max_size, max_execution_time and so on.
Files are split into small chunks, then sent to the server serially. In this way, on a stable Internet connection, you can upload up to several GB of data if you have time to wait.
On the other hand, a poor Internet connection may stop the upload flow, and currently there is no way to resume an interrupted upload. The file needs to be uploaded from the beginning.
The option "Attachments" > "Size limit for each file" may be used to prevent users from uploading arbitrarily large files.
Do you need 2 (or more) upload buttons?
Actually, you don't. Think about your email client, does it have 2 attach buttons? Probably it doesn't, but it accepts multiple attachments anyway.
Expert users often use a multiple selection as shown in the picture below, while beginners would probably press the upload button repeatedly selecting one file at a time.
Fox Contact supports both these methods, even when a previous upload is still in progress.
If you prefer to notify your users that the upload button can be pressed more than once, you can add a note about that in the field description.
Make attachments mandatory
The property "Minimum number of files" determines the lowest number of uploaded files required to validate the form. For example, if you set it to 3, the form will not validate until the user has attached at least 3 files. It can be used also in conjunction with "Maximum number of files".
Limit the number of attachments
Likewise, the property "Maximum number of files" determines the highest number of uploaded files the form will accept. For example, if you set it to 5, the form will not validate if the user has attached more than 5 files, and he will be forced to remove some of them in order to submit the form. It can be used also in conjunction with "Minimum number of files".
Filter based on the file type
Upload function has an optional file type filter feature based on the file type.
Note that "file type" does not means " file extension ". For example, you can chose whether you want to allow "Documents", "Video", "Images", and so on, but you don't need to worry about the related extensions such as ".doc", ".docx", ".pdf", and hundreds of similar extensions.
When "File type filter" is disabled, the Upload button will continue working, but no filter will be applied. In other words, the server will accept all files.
If you choose to disable the "File type filter", don't worry about security, Fox Contact has a strong security over the file uploaded, and it does not rely on the file types.
Receiving large attachments on a limited mailbox
Every mailbox has a quota. If the enquiry included attachments larger than your available mailbox capacity, the message would be rejected and returned to the sender. Since in your case the sender is your website, the message would be probably ultimately lost.
Fox Contact implements safety measures to avoid this.
Usually Fox Contact email notifications come with the uploaded files twice: 1. as actual email attachments, and 2. as http links to the same files archived on your website.
But when the sum of the attached files exceed the value defined in "Email size limit", then the uploaded files won't be physically attached to your notification email. However, you can always click on the http links to the files, in order to manually download them from your website. Doing this, Fox Contact ensures the email delivering by dropping all ballast, but at the same time allows to retrieve the attachments manually on demand.
Be aware of the actual size limit of your own mailbox, and set the option "Email size limit" accordingly. If you are unsure, leave the default value of 20 MB, which is reasonably high to keep the most of the uploaded files as physical email attachments, but at the same time it's reasonably low to avoid problems with the most of the modern mailboxes.
Furthermore, the default value of 20 MB was weighted carefully considering performance reasons and any possible impact on your user's experience. Depending on the web server CPU power and its outbound bandwidth towards its email server, it could take a while for the server to prepare and send a large email. During all that time, the user has to wait, looking at an hourglass, and no "Thank you" message will be displayed until the email is entirely sent.
Preparing email attachments as http links instead, does not require CPU time and does not increase email size.
Two special values can be set in "Email size limit" option.
1. Minimal - It means that you have a minimal amount of space in your mailbox, and instructs Fox Contact to always skip physical attachments and fall back to http links, regardless of the size of the file uploaded.
1. Unlimited - It means that you have virtually unlimited amount of space in your mailbox. In this case Fox Contact will always put uploaded files as physical attachments to the notification email, as large as they may be.
Server Error 500 clicking the attachment link in the mail
If you receive an error 500, (or a blank page) when trying to access your attachments through the link in the notification email, it is almost certainly due to incompatibility with your server.
Short answer: delete the fileFor further details, please read on.
That file is not important for the normal operation of your forms, it only increases the security of your server.
It basically contains 4 sections that impose a few additional security restrictions. They can be enabled and disabled separately, if one of them results incompatible with your server.
1. The first one turns off the PHP engine on the upload folder, but it's disabled by default since it's incompatible with a considerable number of servers.
2. The second prevents listing the content of the upload folder. This protection is not important if you have disabled directory browsing "site wide", as a safe host should be.
3. and 4. The third and the forth, prevent the execution of respectively PHP and HTML eventually uploaded.
During the upload phase, Fox Contact applies strict controls against PHP scripts, in order to prevent them from being uploaded at all. However, in the improbable case of a future vulnerability allowing the upload of PHP scripts, then the .htaccess (if present) would prevent the scripts from be executed.
Files are split into small chunks, then sent to the server serially. In this way, on a stable Internet connection, you can upload up to several GB of data if you have time to wait.
On the other hand, a poor Internet connection may stop the upload flow, and currently there is no way to resume an interrupted upload. The file needs to be uploaded from the beginning.
The option "Attachments" > "Size limit for each file" may be used to prevent users from uploading arbitrarily large files.
Do you need 2 (or more) upload buttons?
Actually, you don't. Think about your email client, does it have 2 attach buttons? Probably it doesn't, but it accepts multiple attachments anyway.
Expert users often use a multiple selection as shown in the picture below, while beginners would probably press the upload button repeatedly selecting one file at a time.
Fox Contact supports both these methods, even when a previous upload is still in progress.
If you prefer to notify your users that the upload button can be pressed more than once, you can add a note about that in the field description.
Make attachments mandatory
The property "Minimum number of files" determines the lowest number of uploaded files required to validate the form. For example, if you set it to 3, the form will not validate until the user has attached at least 3 files. It can be used also in conjunction with "Maximum number of files".
Limit the number of attachments
Likewise, the property "Maximum number of files" determines the highest number of uploaded files the form will accept. For example, if you set it to 5, the form will not validate if the user has attached more than 5 files, and he will be forced to remove some of them in order to submit the form. It can be used also in conjunction with "Minimum number of files".
Filter based on the file type
Upload function has an optional file type filter feature based on the file type.
Note that "file type" does not means " file extension ". For example, you can chose whether you want to allow "Documents", "Video", "Images", and so on, but you don't need to worry about the related extensions such as ".doc", ".docx", ".pdf", and hundreds of similar extensions.
When "File type filter" is disabled, the Upload button will continue working, but no filter will be applied. In other words, the server will accept all files.
If you choose to disable the "File type filter", don't worry about security, Fox Contact has a strong security over the file uploaded, and it does not rely on the file types.
Receiving large attachments on a limited mailbox
Every mailbox has a quota. If the enquiry included attachments larger than your available mailbox capacity, the message would be rejected and returned to the sender. Since in your case the sender is your website, the message would be probably ultimately lost.
Fox Contact implements safety measures to avoid this.
Usually Fox Contact email notifications come with the uploaded files twice: 1. as actual email attachments, and 2. as http links to the same files archived on your website.
But when the sum of the attached files exceed the value defined in "Email size limit", then the uploaded files won't be physically attached to your notification email. However, you can always click on the http links to the files, in order to manually download them from your website. Doing this, Fox Contact ensures the email delivering by dropping all ballast, but at the same time allows to retrieve the attachments manually on demand.
Be aware of the actual size limit of your own mailbox, and set the option "Email size limit" accordingly. If you are unsure, leave the default value of 20 MB, which is reasonably high to keep the most of the uploaded files as physical email attachments, but at the same time it's reasonably low to avoid problems with the most of the modern mailboxes.
Furthermore, the default value of 20 MB was weighted carefully considering performance reasons and any possible impact on your user's experience. Depending on the web server CPU power and its outbound bandwidth towards its email server, it could take a while for the server to prepare and send a large email. During all that time, the user has to wait, looking at an hourglass, and no "Thank you" message will be displayed until the email is entirely sent.
Preparing email attachments as http links instead, does not require CPU time and does not increase email size.
Two special values can be set in "Email size limit" option.
1. Minimal - It means that you have a minimal amount of space in your mailbox, and instructs Fox Contact to always skip physical attachments and fall back to http links, regardless of the size of the file uploaded.
1. Unlimited - It means that you have virtually unlimited amount of space in your mailbox. In this case Fox Contact will always put uploaded files as physical attachments to the notification email, as large as they may be.
Server Error 500 clicking the attachment link in the mail
If you receive an error 500, (or a blank page) when trying to access your attachments through the link in the notification email, it is almost certainly due to incompatibility with your server.
Short answer: delete the file
components/com_foxcontact/uploads/.htaccessThat file is not important for the normal operation of your forms, it only increases the security of your server.
It basically contains 4 sections that impose a few additional security restrictions. They can be enabled and disabled separately, if one of them results incompatible with your server.
1. The first one turns off the PHP engine on the upload folder, but it's disabled by default since it's incompatible with a considerable number of servers.
2. The second prevents listing the content of the upload folder. This protection is not important if you have disabled directory browsing "site wide", as a safe host should be.
3. and 4. The third and the forth, prevent the execution of respectively PHP and HTML eventually uploaded.
During the upload phase, Fox Contact applies strict controls against PHP scripts, in order to prevent them from being uploaded at all. However, in the improbable case of a future vulnerability allowing the upload of PHP scripts, then the .htaccess (if present) would prevent the scripts from be executed.
Please Log in or Create an account to join the conversation.