Guest Posted September 23, 2003 Share Posted September 23, 2003 I am releasing a file uploading contribution. This will be the support thread for the contribution. More details will follow after I finish uploading to the contribution area. Thanks, Matt Quote Link to comment Share on other sites More sharing options...
Guest Posted September 23, 2003 Share Posted September 23, 2003 hurry.. Quote Link to comment Share on other sites More sharing options...
Guest Posted September 23, 2003 Share Posted September 23, 2003 Here is the web page for the contribution. Essentially, this adds a file type to the existing four ways of displaying the attributes for a product with the Products Attributes - Option Type Feature contribution (drop down menu, text box, radio buttons, check box). One can use the standard HTML FILE input field (the one with the browse button) to upload a file to the server. The contribution will then rename it uniquely and store the original and new names in a database table. The idea is so that you can upload logos, etc. for placement on things like mugs, t-shirts, and so forth. If you want different kinds of files, you might have to modify the code somewhat. Hth, Matt Quote Link to comment Share on other sites More sharing options...
Guest Posted September 24, 2003 Share Posted September 24, 2003 Hi, I just need to clarify, before I go and install this one . . . Is it the customer that can upload the file so it is available to the admin? OR Is it the admin that uploads the file so that it is available to the customer? Regards, Jarrod Quote Link to comment Share on other sites More sharing options...
azer Posted September 24, 2003 Share Posted September 24, 2003 could u post a screenshot ? tahnks for your work in advance :rolleyes: Quote MS2 Link to comment Share on other sites More sharing options...
Morbantokk Posted September 24, 2003 Share Posted September 24, 2003 THANK YOU. this is what i was searching for the last year...GREAT! i?ll try it now... Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
Morbantokk Posted September 24, 2003 Share Posted September 24, 2003 i have a problem: if i upload an image it is saved as a file without any extension. the files are stored as "1", "2"... instead of "1.jpg" or "2.gif" whats the reason? maybe i did a mistake while the installation? hope for fast help! Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
Guest Posted September 25, 2003 Share Posted September 25, 2003 the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"whats the reason? maybe i did a mistake while the installation? No, that's just the way it works. You can change this behavior by changing the following line in application_top.php (around 375): $products_options_file->set_filename("$insert_id"); to (for example) $products_options_file->set_filename("$insert_id" . $products_options_file->filename); Hth, Matt Quote Link to comment Share on other sites More sharing options...
Guest Posted September 25, 2003 Share Posted September 25, 2003 Is it the customer that can upload the file so it is available to the admin? ORIs it the admin that uploads the file so that it is available to the customer? The customer uploads a file. Hth, Matt Quote Link to comment Share on other sites More sharing options...
Morbantokk Posted September 25, 2003 Share Posted September 25, 2003 the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"whats the reason? maybe i did a mistake while the installation? No, that's just the way it works. You can change this behavior by changing the following line in application_top.php (around 375): ? ? ? ? ? ? ? ? $products_options_file->set_filename("$insert_id"); to (for example) ? ? ? ? ? ? ? ? ?$products_options_file->set_filename("$insert_id" . $products_options_file->filename); Hth, Matt thank you. now it works ;) but the next wish i have is to allow only some file extensions like gif or jpg... the user shouldn?t upload zip-files or whatever... i want only graphic and vektor-files.. how can i realise this? Ron Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
Morbantokk Posted September 25, 2003 Share Posted September 25, 2003 i have tried to realise the extension-thing by myself... and it works. i?ve changed the classes/upload.php old code: function upload($file = '', $destination = '', $permissions = '777', $extensions = '') { new code: function upload($file = '', $destination = '', $permissions = '777', $extensions = array("jpg", "jpeg", "gif", "png", "eps", "cdr", "ai", "pdf")) { i?m happy ;) but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use? Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
dugs Posted September 25, 2003 Share Posted September 25, 2003 Great contribution ! and excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a php file (or any serverside executable file) and assuming that execute permission exists on upload target directory: could be harmfull ! Regards Quote Link to comment Share on other sites More sharing options...
Guest Posted September 26, 2003 Share Posted September 26, 2003 (edited) and excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a php file (or any serverside executable file) and assuming that execute permission exists on upload target directory: could be harmfull !Execute permissions on a directory just allow a directory listing (without them, the directory is essentially useless). However, looking at the code, you are correct that there is a danger involved with possible uploading of executable files. To fix this, you can do three things: one, change line 18 of upload.php to say , $permissions = '666', two, add the $extensions default as suggested above (same line); three, copy the .htaccess file from the includes directory to the upload directory. Note: each of these is a separate (albeit related) vulnerability, so one should do all three rather than just one. I'll look into adding these in a replacement upload sometime next week, probably with a revised .htaccess file. Hth, Matt Edited September 26, 2003 by iiinetworks Quote Link to comment Share on other sites More sharing options...
Guest Posted September 26, 2003 Share Posted September 26, 2003 but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use?I'll try playing with the error messages next week as well. It might be as simple as moving the messageStack lines (around 523-6 of application_top.php) up above the switch (around line 329) and uncommenting the error lines from upload.php. Hth, Matt Quote Link to comment Share on other sites More sharing options...
Morbantokk Posted September 27, 2003 Share Posted September 27, 2003 my problem is that i use the older version MS1 of osc..there exists no classes/message_stack.php i?ve tried to copy the file to my classes but it doesn`t work... what can i do? Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
Guest Posted September 28, 2003 Share Posted September 28, 2003 The simplest way to implement error messages for older snapshots would be to use a global variable, turn off the redirect at the end of the add_products case (at least on error), and react to the error on the product_info page. Just to let you know, I find it unlikely at the moment that I will undertake a project to backport the messages to older snapshots. In fact, unless it is simple, it may be a while before I get around to making messages work for MS2. Good luck, Matt Quote Link to comment Share on other sites More sharing options...
Morbantokk Posted September 28, 2003 Share Posted September 28, 2003 maybe you could describe this a little bit more? can?t follow you.. Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
dugs Posted September 29, 2003 Share Posted September 29, 2003 Just noticed a weird thing in 0.7 version of code that I downloaded from link above: In application_top.php I see $products_options_file->set_destination(DIR_FS_UPLOAD); ; but in configure.php I see define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS); And of course when I add my item (with file input option) to my cart I get: Not writeable! DIR_FS_UPLOAD: Changing to DIR_FR_UPLOAD (with no S at end) in configure.php helps. Besides, In configure.php, code has been changed compared to OSC original file from define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); to define('DIR_FS_CATALOG', $FS_DOCUMENT_ROOT . DIR_WS_HTTP_CATALOG);. I reset this back to original code to have contrib working, ... but I was wondering why these changes... ? Quote Link to comment Share on other sites More sharing options...
Dunster Posted October 6, 2003 Share Posted October 6, 2003 This is a great contribution and I manged to get everything generally working. It will be nice to generated some error messages on an invalid file type. I have noticed one problem though. In the admin area when I try to change the "Value Price" for the upload (or any option) I get a SQL error: 1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'products_options where products_options_id = '3'' at line 1 select products_options_type fro products_options where products_options_id = '3' Any idea if this is just a problem on my system or how I would go about debugging it? Quote Link to comment Share on other sites More sharing options...
Dunster Posted October 6, 2003 Share Posted October 6, 2003 That bug is easy: Just change "fro" to "from" in about line 134 in product_attributes.php in the admin code. Quote Link to comment Share on other sites More sharing options...
Guest Posted October 7, 2003 Share Posted October 7, 2003 Update (v.71) released: New feature: .htaccess for upload directory so that people cannot access those files New feature: error messages enabled through messageStack mechanism Change: file types limited to picture file types by default Change: file permissions changed to 666 by default (formerly 777) Fixed: two spelling mistakes: DIR_FS_UPLOAD in includes/configure.php.default and fro to from in line 134 of admin/products_attributes.php Note: since the contribution renames the files without an extension, it is not possible to upload a server-side executable script to the upload directory. At worst, it would just display the text of the script. However, I included the .htaccess for that directory in case someone is using the original name or something like 1-image.gif for a file named image.gif that was the first uploaded. To access those files, just use a regular FTP program (preferably one that uses a secure/SSH connection). Hth, Matt Quote Link to comment Share on other sites More sharing options...
Morbantokk Posted October 8, 2003 Share Posted October 8, 2003 hi iiinetworks, i think you did a great job on this contrib. but do you think that you can make it compatible with ms1 of osc? the whole message_stack thing doesn?t run under ms1...but i like to have the messages... hope you can help Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
Morbantokk Posted October 15, 2003 Share Posted October 15, 2003 if i use your new upload with all the messagestack features i get the following error: Call to a member function on a non-object in on line 71 in upload.php why this? Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
Guest Posted October 15, 2003 Share Posted October 15, 2003 If messageStack is not defined, then it will throw that error when the code tries to call messageStack functions. It's basically saying that there is no such thing as $messageStack For MS2, I modified application_top.php to create the messageStack earlier (prior to the upload code). This allows it to run properly. I'm not sure what keeps messageStack from running in MS1. Hth, Matt Quote Link to comment Share on other sites More sharing options...
Morbantokk Posted October 15, 2003 Share Posted October 15, 2003 i?ve installed the osdox-version of ms2 which includes some nice contribs... in this version i?ve tried to install your contrib... its a ms2..but anything seems to be wrong... but if i put redirections to the upload-class instead of the messagestack it runs..so if an error occurs i will be redirected to a selfmade error-page... it seems that the message stack will not be initialized correctly... Quote WAR is not the answer! Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.