I was just wondering. When setting up options, ViArt has the capability to allow customers to upload files to a shop site. This is setup in the Options section.
 
Question is can the customer deliberately upload virus or other such nasty stuff?
 
If yes, how do I protect myself from this?
 
Thanks

Fox Trot:
 
We as the administrators specify what file types are allowed to be uploaded by our customers. I don't think you have to worry about a virus unless you allow the uploading of .exe files or the such.
 
I allow only certain file types (images, docs, pdf's, etc)

Where do you specify that Dan?
 
By the way, now that I have your attention, are you interested in getting something done about the shipping?

admin_download_info.php is where you specify what types they can upload.
 
As far as shipping... tell me exactly what you're looking to change and maybe I'll be able to better understand and go in on it right away

Hi Dan:
 
Thanks.
 
With regards to shipping; our qty selection does not conform to the regular standards. So our qty can vary from 25 units in a package to 5000 pcs or more which fit in many boxes.
 
Basically our orders can ship anywhere. We can ship in a small package to products that ship in several boxes. The box sizes and weights also vary.
 
To get accurate shipping costs we have to find a way to provide this information as accurately to the shipping companies so that we get the lowest cost.
 
I have explained in more detail in the Custom Section of the Forum.
 
I know that Ibn Saeed, Dani, Logan and a couple others have similar situation.
 
I am right now in contact with ViArt and Tony at Holeyland to see if they have suggestions or ideas on how to deal with this.
 
For example I don't use the default qty prompt that is seen with each product. I use the options and values section to generate my own qty values, since they don't increment by 1. Some products start at 25 units and increment by 25. Others start at 50, 100,250,500 and so forth. Others start at 1,2,3,4 etc. So they all vary.
 
Am I making sense to you? How about your situation?
 
Regards

Well,
 
I'm not sure that my situation is very odd. I'm shipping quantities but not very many. For an example, I sell CD's. I send them at one price. Only time this may vary, is that if they're only CD's I can send via usps at a Media Mail Rate, and if I'm sending other items, not media, then I couldn't send it via media mail.

Just add an htaccess to the upload folder (aka. ones with 777 permissions) preventing php uploads .
 
An .exe with a virus will do nothing on your Apache server - but executable code like PHP would.
 
We generally have this in all our folders which have chmod of 777.

Ok:
 
Anyway you can give a more detail info. Not a techie here.
 
Thanks for your help.

Sure, just upload the attached .htaccess file in each folder that has 777 rights set (e.g. Images, or others) and rename it to:
 
.htacess
 
The CHMOD (rights) of a folder can be checked with your FTP access application.

Thanks Dick. Kindly advise me what this will do please?
 
Would it be a problem if I were to upload it to all folders?
 
Thanks in advance.

Yes, you should upload it to all folders where you want to prohibit upload of PHP files.