openupload-devel Mailing List for Open Upload (Page 24)
Status: Beta
Brought to you by:
tsdogs
Menu
▾
▴
openupload-devel — Development and general discussion
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(11) |
Dec
(11) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(11) |
Feb
(9) |
Mar
(1) |
Apr
(32) |
May
(31) |
Jun
(6) |
Jul
(9) |
Aug
(108) |
Sep
(27) |
Oct
|
Nov
(9) |
Dec
(9) |
| 2010 |
Jan
(16) |
Feb
(38) |
Mar
(24) |
Apr
(2) |
May
(15) |
Jun
(2) |
Jul
(3) |
Aug
(4) |
Sep
(12) |
Oct
(21) |
Nov
(4) |
Dec
(17) |
| 2011 |
Jan
(7) |
Feb
(6) |
Mar
(26) |
Apr
(35) |
May
(6) |
Jun
(7) |
Jul
(1) |
Aug
(12) |
Sep
(5) |
Oct
(17) |
Nov
(6) |
Dec
(7) |
| 2012 |
Jan
(28) |
Feb
(17) |
Mar
(18) |
Apr
(2) |
May
(6) |
Jun
(15) |
Jul
(3) |
Aug
(3) |
Sep
(13) |
Oct
|
Nov
(6) |
Dec
(6) |
| 2013 |
Jan
(13) |
Feb
(2) |
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2014 |
Jan
(2) |
Feb
|
Mar
(2) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(2) |
| 2015 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
| 2016 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(4) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2020 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Alessandro B. <ts...@br...> - 2009-08-17 16:35:39
|
Hi Jason, sorry for the late reply, but was on vacation. Well, I suppose that the supported configuration is apache 2 with php 5.2 or up, but I have not tested it no windows. (jochen, maybe you can help on this?) I have no idea if anybody used or is using it on IIS. Alessandro Weir, Jason ha scritto: > I'll try enabling those options and see what I get.. > > Maybe a better question is - what is the supported Windows > installation?? > > Thanks, > -Jason > > -----Original Message----- > From: Alessandro Briosi [mailto:ts...@br...] > Sent: Monday, July 27, 2009 2:43 PM > To: ope...@li... > Subject: Re: [openupload-devel] FastCGI error > > > Actually I have no experience with FastCGI on windows. > Maybe somebody else can help you on this one. > If there is some php log maybe I can track down better where the error > is. You could try enabling the error_reporting and display_errors to see > > where php stops. > Open Upload itself was reported to be working on windows, dunno about > IIS though. > I suspect some strange configuration error or something not supported, > but I need more info. > > Alessandro > > Weir, Jason ha scritto: >> Hi - I'm going through the Open Upload install on a Win2K3 box... >> >> I installed IIS - Got Php 5.3.0 installed.. >> >> Went through the install process - everything checked out ok - I saved > >> the config.inc.php to the www directory.. >> >> As soon as I did I now get a FastCGI error >> >> FastCGI Error >> The FastCGI Handler was unable to process the request. >> >> Error Details: >> >> * The FastCGI process exited unexpectedly >> * Error Number: -2147467259 (0x80004005). >> * Error Description: Unspecified error >> >> HTTP Error 500 - Server Error. >> Internet Information Services (IIS) >> >> Should I not have installed PHP with FastCGI?? >> >> Any ideas on how to proceed?? >> >> Thanks, >> Jason >> >> >> ______________________________________________________________________ >> _______________________ >> >> Please visit www.nhrs.org to subscribe to NHRS email announcements and > >> updates. >> > ------------------------------------------------------------------------ > ------ >> _______________________________________________ >> Openupload-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openupload-devel > > ------------------------------------------------------------------------ > ------ > _______________________________________________ > Openupload-devel mailing list Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel > > > > ________________________________________________________________________ > _____________________ > > Please visit www.nhrs.org to subscribe to NHRS email announcements and > updates. > > > _____________________________________________________________________________________________ > > Please visit www.nhrs.org to subscribe to NHRS email announcements and updates. > ------------------------------------------------------------------------------ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Leonardo F. C. <leo...@gm...> - 2009-08-15 18:24:53
|
Hi All, first post to this list. I'm very interested in this project. Sorry if it was already discussed, but couldn't find in the archives. 1) Is there any work in progress of translation for Portuguese (Brazil)? 2) What's the best way to introduce SQL Server support? I would like to add this 2 features to OpenUpload. Please send me some information. Sorry about the English. From Brazil Leonardo ----------------------------------------- Leonardo F. Cardoso leonardo.f.cardoso "at" gmail.com leofcar "at" ig.com.br (Alternativo) MSN: lfc...@ho... ----------------------------------------- |
|
From: John J. <myf...@ho...> - 2009-07-27 19:03:59
|
_________________________________________________________________ Windows Live™ Hotmail®: Search, add, and share the web’s latest sports videos. Check it out. http://www.windowslive.com/Online/Hotmail/Campaign/QuickAdd?ocid=TXT_TAGLM_WL_QA_HM_sports_videos_072009&cat=sports |
|
From: Weir, J. <jas...@nh...> - 2009-07-27 18:47:26
|
I'll try enabling those options and see what I get.. Maybe a better question is - what is the supported Windows installation?? Thanks, -Jason -----Original Message----- From: Alessandro Briosi [mailto:ts...@br...] Sent: Monday, July 27, 2009 2:43 PM To: ope...@li... Subject: Re: [openupload-devel] FastCGI error Actually I have no experience with FastCGI on windows. Maybe somebody else can help you on this one. If there is some php log maybe I can track down better where the error is. You could try enabling the error_reporting and display_errors to see where php stops. Open Upload itself was reported to be working on windows, dunno about IIS though. I suspect some strange configuration error or something not supported, but I need more info. Alessandro Weir, Jason ha scritto: > Hi - I'm going through the Open Upload install on a Win2K3 box... > > I installed IIS - Got Php 5.3.0 installed.. > > Went through the install process - everything checked out ok - I saved > the config.inc.php to the www directory.. > > As soon as I did I now get a FastCGI error > > FastCGI Error > The FastCGI Handler was unable to process the request. > > Error Details: > > * The FastCGI process exited unexpectedly > * Error Number: -2147467259 (0x80004005). > * Error Description: Unspecified error > > HTTP Error 500 - Server Error. > Internet Information Services (IIS) > > Should I not have installed PHP with FastCGI?? > > Any ideas on how to proceed?? > > Thanks, > Jason > > > ______________________________________________________________________ > _______________________ > > Please visit www.nhrs.org to subscribe to NHRS email announcements and > updates. > ------------------------------------------------------------------------ ------ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel ------------------------------------------------------------------------ ------ _______________________________________________ Openupload-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openupload-devel ________________________________________________________________________ _____________________ Please visit www.nhrs.org to subscribe to NHRS email announcements and updates. _____________________________________________________________________________________________ Please visit www.nhrs.org to subscribe to NHRS email announcements and updates. |
|
From: Alessandro B. <ts...@br...> - 2009-07-27 18:43:23
|
Actually I have no experience with FastCGI on windows. Maybe somebody else can help you on this one. If there is some php log maybe I can track down better where the error is. You could try enabling the error_reporting and display_errors to see where php stops. Open Upload itself was reported to be working on windows, dunno about IIS though. I suspect some strange configuration error or something not supported, but I need more info. Alessandro Weir, Jason ha scritto: > Hi - I'm going through the Open Upload install on a Win2K3 box... > > I installed IIS - Got Php 5.3.0 installed.. > > Went through the install process - everything checked out ok - I saved > the config.inc.php to the www directory.. > > As soon as I did I now get a FastCGI error > > FastCGI Error > The FastCGI Handler was unable to process the request. > > Error Details: > > * The FastCGI process exited unexpectedly > * Error Number: -2147467259 (0x80004005). > * Error Description: Unspecified error > > HTTP Error 500 - Server Error. > Internet Information Services (IIS) > > Should I not have installed PHP with FastCGI?? > > Any ideas on how to proceed?? > > Thanks, > Jason > > > _____________________________________________________________________________________________ > > Please visit www.nhrs.org to subscribe to NHRS email announcements and updates. > ------------------------------------------------------------------------------ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Alessandro B. <ts...@br...> - 2009-07-16 18:23:43
|
Not really yet, it's scheduled as a TODO though. Ciao, Alessandro Magnus Larsson ha scritto: > Is there any way to schedule deletion of expired files? > > > > //Magnus L > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Enter the BlackBerry Developer Challenge > This is your chance to win up to $100,000 in prizes! For a limited time, > vendors submitting new applications to BlackBerry App World(TM) will have > the opportunity to enter the BlackBerry Developer Challenge. See full prize > details at: http://p.sf.net/sfu/Challenge > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Magnus L. <or...@sw...> - 2009-07-16 11:37:21
|
Is there any way to schedule deletion of expired files? //Magnus L |
|
From: Alessandro B. <ts...@br...> - 2009-07-04 11:45:15
|
oops, wrong link message. This one contains the patch for the group files. http://sourceforge.net/mailarchive/message.php?msg_name=2487AF39EBB54793886A845784DF9AD4%40platypus Alessandro Alessandro Briosi ha scritto: > Hi, > answer is yes and no... > > Jeff Williams ha scritto: >> Is there a way to do the following with Open Upload >> >> I am looking at this to supply files to different groups. Each group will >> be assigned to a single login. This login will only have the rights to >> download files. >> >> 1. Can an administrator upload files and place these files so they are >> accessable for a group. >> > There is a feature request which has attached a possible solution to > this, but it only can assign a file to a user. > Needs testing... > > http://sourceforge.net/tracker/?func=detail&atid=1117807&aid=2814270&group_id=242018 > > Also it was submitted a patch to give possibility to assign a file to a > group, haven't integrated it yet 'cause I need to test and check it deeper. > > http://sourceforge.net/mailarchive/message.php?msg_name=39451F50D5684C888C204C7B9F1FD497%40platypus > >> 2. Can a File be made available to more than one group. >> > > The thing is that a user once it was granted the possibility to download > files, if they know the file ID and eventually the password associated > to the file, it will be able to see the file, even if it's associated to > other users. > Right now no. I'm thinking on it for next version, but it'll take some time. > > Alessandro > > ------------------------------------------------------------------------------ > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Alessandro B. <ts...@br...> - 2009-07-04 10:37:32
|
Hi, answer is yes and no... Jeff Williams ha scritto: > Is there a way to do the following with Open Upload > > I am looking at this to supply files to different groups. Each group will > be assigned to a single login. This login will only have the rights to > download files. > > 1. Can an administrator upload files and place these files so they are > accessable for a group. > There is a feature request which has attached a possible solution to this, but it only can assign a file to a user. Needs testing... http://sourceforge.net/tracker/?func=detail&atid=1117807&aid=2814270&group_id=242018 Also it was submitted a patch to give possibility to assign a file to a group, haven't integrated it yet 'cause I need to test and check it deeper. http://sourceforge.net/mailarchive/message.php?msg_name=39451F50D5684C888C204C7B9F1FD497%40platypus > 2. Can a File be made available to more than one group. > The thing is that a user once it was granted the possibility to download files, if they know the file ID and eventually the password associated to the file, it will be able to see the file, even if it's associated to other users. Right now no. I'm thinking on it for next version, but it'll take some time. Alessandro |
|
From: Jeff W. <jef...@ha...> - 2009-07-04 09:01:30
|
Is there a way to do the following with Open Upload I am looking at this to supply files to different groups. Each group will be assigned to a single login. This login will only have the rights to download files. 1. Can an administrator upload files and place these files so they are accessable for a group. 2. Can a File be made available to more than one group. Looking forward to any comments on how to do this or could it be included in a future version. Regards Jeff |
|
From: Alessandro B. <ts...@br...> - 2009-06-04 17:13:34
|
As Andy said, you should check if you are allowed to override the setting with an .htaccess file. If not, I'm sorry but currently there is not much you can do. I'm implementing an upload option which uses a perl cgi (as many do) which will probably solve this problems. It'll take some time though. Alessandro Andy Hester ha scritto: > jac...@ya... wrote: >> Hi, >> >> I saw in an earlier post about changing the php.ini file to fix the >> file size limitation however I don't believe I have access to it since >> I am running this with an ISP. >> >> Even though I changed the file size in the admin section, I still get >> an error "exceeded file size" when I try to upload say a 6mg file. >> >> I have it set for 500mb. >> >> Is there another workaround to allow larger file uploads in my instance? >> > There is an .htaccess file that also has limitations in it. Of course, > if you are subject to the system wide php.ini then you will be > restricted to whatever is set there. > > -Andy > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > OpenSolaris 2009.06 is a cutting edge operating system for enterprises > looking to deploy the next generation of Solaris that includes the latest > innovations from Sun and the OpenSource community. Download a copy and > enjoy capabilities such as Networking, Storage and Virtualization. > Go to: http://p.sf.net/sfu/opensolaris-get > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Alessandro B. <ts...@br...> - 2009-06-04 17:10:10
|
Here I am again. <preable> I'm thinking on implementing a sort of file listing (file manager) for "registered" users which probably would solve all this. It seems to be a required feature... </preamble> Jochen Derwae ha scritto: > Hey Alessandro, > > Here is the second plugin I've created. This one provides access to a file > for a whole group. When the plugin is enabled for a certain user, this user > can select one or more groups that can have access to the file. > > Users in said groups will see that file in their file list can see the > details and download the file. The plugin implements the fileList, > uploadOptions, uploadConfirm and fileDetails actions. > ok. I think we must clarify first what's the task to be acomplished by the plugin. Here we have 2 ways. 1. the file can be downloaded from other people (even unregistered) if they know the id (and eventually the protection), but the group can see it in it's files list. 2. the file can be only viewd/downloaded by a group The first option is pretty straight forward. The second one is a bit tricky (but it makes more sense to me). Probably it only needs a check on the download request, and if the user is not part of that group, redirect with an error. > I have made some changes to files.inc.php, more specifically in fileList and > fileDetails: > fileList: the plugin gets an array in which count, rows, offset and the file > list are passed. In the same array, the additional file list from the plugin > and the total number of additional files from the plugin are passed back > through the same array. This way the file list can be reconstructed with the > files from the plugins appended to the original file list. Pagination should > continue to work. > ok. > fileDetails: the plugin can manipulate the finfo array, before access to the > file details are checked. This was done specifically to allow the groupfiles > plugin to let the user see files that are not his, but visible to his group. > Ther might be a more elegant way to do this, but I couldn't immediately find > one. Furthermore, the file options can be manipulated by the plugins and the > fileDetails method will save them back to the database. This allows plugins > to alter the file_options even after the file has been uploaded (which I > think would be a good overall feature). > I'm not sure why you change the owner of the file... Also I think that the user might decide to not share the file within a group. > I might have overstepped some design philosophies you had for OpenUpload to > implement this plugin, let me know how it works out for you. As always, I'm > happy to make changes to let it fit better with what you had in mind. > Somehow yes, but imho it's an OpenUpload design shortage. Alessandro |
|
From: Alessandro B. <ts...@br...> - 2009-06-04 16:50:43
|
Hi Jochen, sorry for the late reply. > Thanks for reviewing it and giving me feedback. Although, sorry to say, I'm > not entirely sure what you mean. Are you saying that I misused the plugin > system for administrating user data (should I have made a module?) Or do you > mean that plugins altogether where never meant as an enhancement of the user > (or other) administration? > No, I'm saying that the way OpenUpload is designed right now has not considered plugins to extend the user data. Which should be fixed in next version imho. > The way I interpreted it is that plugins can (or could or should) manipulate > all entities in the system (users, groups, ...) and not just files. > yep. > Please let me know if I can be of any assistance with making changes to > either the plugin or any other part of the system. > Well, the problem here is noted above. It's not correct to have to enable the plugin for the administrators in this case. > > Indeed I code on windows, my apologies for not catching the case sensitivity > of the filenames. It might have been more of a reflex, writing the directory > name in camelcase (-: > no prob. > > In the mean while, I've made progres on the group assignment of files. I > have managed to implement it using a plugin as well. I did have to make some > (very minor) changes to the base system to get it to work but, I'll write > you later today or tomorrow to with the patch and an explanation. > > > There is one potentially critical issue I noticed though: anyone can > download files without necessarily having the rights to them. When a user > has the right to download files and knows the id of a file in the system > (not necessarily one he has access to) he can still download it. I did not > find any check on ownership of the file in the whole download procedure > (downloadForm, downloadRequest and downloadConfirm). Any user with the > download rights can thus craft a request string > (http://localhost/~OpenUpload/www/?action=d&id=******) and proceed with the > download. > Because it was not meant to work this way. The captcha and the password (better), should be the protection to the file. Probably implementing a check on the file that only the users on that group can download that file is the way to go. (it's like an hidden password) I will discuss this in the next e-mail.... Alessandro |
|
From: Alessandro B. <ts...@br...> - 2009-06-04 16:43:01
|
thanks. :) Michael Mansour ha scritto: > Hi, > > I've nominated openupload for the "Best New Project" category. > > If you'd like to do the same: > > <a href="http://sourceforge.net/community/cca09/nominate/?project_name=Open > Upload&project_url=http://sourceforge.net/projects/openupload/"><img > src="http://sourceforge.net/images/cca/cca_nominate.png" border="0"/></a> > > Thanks to the developers :) > > Michael. > > ------------------------------------------------------------------------------ > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT > is a gathering of tech-side developers & brand creativity professionals. Meet > the minds behind Google Creative Lab, Visual Complexity, Processing, & > iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian > Group, R/GA, & Big Spaceship. http://www.creativitycat.com > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Andy H. <and...@eu...> - 2009-06-03 18:50:35
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<a class="moz-txt-link-abbreviated" href="mailto:jac...@ya...">jac...@ya...</a> wrote:
<blockquote cite="mid:277...@we..."
type="cite">
<style type="text/css"><!-- DIV {margin:0px;} --></style>
<div
style="font-family: verdana,helvetica,sans-serif; font-size: 10pt;">
<div>Hi,</div>
<div><br>
</div>
<div>I saw in an earlier post about changing the php.ini file to fix
the file size limitation however I don't believe I have access to it
since I am running this with an ISP.</div>
<div><br>
</div>
<div>Even though I changed the file size in the admin section, I
still get an error "exceeded file size" when I try to upload say a 6mg
file.</div>
<div><br>
</div>
<div>I have it set for 500mb.</div>
<div><br>
</div>
<div>Is there another workaround to allow larger file uploads in my
instance?</div>
<div><br>
</div>
</div>
</blockquote>
There is an .htaccess file that also has limitations in it. Of course,
if you are subject to the system wide php.ini then you will be
restricted to whatever is set there.<br>
<br>
-Andy<br>
</body>
</html>
|
|
From: <jac...@ya...> - 2009-06-03 16:47:51
|
Hi, I saw in an earlier post about changing the php.ini file to fix the file size limitation however I don't believe I have access to it since I am running this with an ISP. Even though I changed the file size in the admin section, I still get an error "exceeded file size" when I try to upload say a 6mg file. I have it set for 500mb. Is there another workaround to allow larger file uploads in my instance? Thank you! Tom |
|
From: Jochen D. <jo...@co...> - 2009-05-24 09:42:15
|
Hey Alessandro, Here is the second plugin I've created. This one provides access to a file for a whole group. When the plugin is enabled for a certain user, this user can select one or more groups that can have access to the file. Users in said groups will see that file in their file list can see the details and download the file. The plugin implements the fileList, uploadOptions, uploadConfirm and fileDetails actions. I have made some changes to files.inc.php, more specifically in fileList and fileDetails: fileList: the plugin gets an array in which count, rows, offset and the file list are passed. In the same array, the additional file list from the plugin and the total number of additional files from the plugin are passed back through the same array. This way the file list can be reconstructed with the files from the plugins appended to the original file list. Pagination should continue to work. fileDetails: the plugin can manipulate the finfo array, before access to the file details are checked. This was done specifically to allow the groupfiles plugin to let the user see files that are not his, but visible to his group. Ther might be a more elegant way to do this, but I couldn't immediately find one. Furthermore, the file options can be manipulated by the plugins and the fileDetails method will save them back to the database. This allows plugins to alter the file_options even after the file has been uploaded (which I think would be a good overall feature). I might have overstepped some design philosophies you had for OpenUpload to implement this plugin, let me know how it works out for you. As always, I'm happy to make changes to let it fit better with what you had in mind. enjoy jochen |
|
From: Michael M. <mi...@np...> - 2009-05-23 23:23:07
|
Hi, I've nominated openupload for the "Best New Project" category. If you'd like to do the same: <a href="http://sourceforge.net/community/cca09/nominate/?project_name=Open Upload&project_url=http://sourceforge.net/projects/openupload/"><img src="http://sourceforge.net/images/cca/cca_nominate.png" border="0"/></a> Thanks to the developers :) Michael. |
|
From: Jochen D. <jo...@co...> - 2009-05-23 17:05:10
|
Hey Alessandro, Thanks for reviewing it and giving me feedback. Although, sorry to say, I'm not entirely sure what you mean. Are you saying that I misused the plugin system for administrating user data (should I have made a module?) Or do you mean that plugins altogether where never meant as an enhancement of the user (or other) administration? The way I interpreted it is that plugins can (or could or should) manipulate all entities in the system (users, groups, ...) and not just files. Please let me know if I can be of any assistance with making changes to either the plugin or any other part of the system. Indeed I code on windows, my apologies for not catching the case sensitivity of the filenames. It might have been more of a reflex, writing the directory name in camelcase (-: In the mean while, I've made progres on the group assignment of files. I have managed to implement it using a plugin as well. I did have to make some (very minor) changes to the base system to get it to work but, I'll write you later today or tomorrow to with the patch and an explanation. There is one potentially critical issue I noticed though: anyone can download files without necessarily having the rights to them. When a user has the right to download files and knows the id of a file in the system (not necessarily one he has access to) he can still download it. I did not find any check on ownership of the file in the whole download procedure (downloadForm, downloadRequest and downloadConfirm). Any user with the download rights can thus craft a request string (http://localhost/~OpenUpload/www/?action=d&id=******) and proceed with the download. I have tested this a bit, but I'm not yet sure if it's definitely, absolutely always the case. Some of my tests blocked the download from happening, others allowed it. I also didn't test on a clean system, so perhaps my changes broke something. Enjoy Jochen -----Original Message----- From: Alessandro Briosi [mailto:ts...@br...] Sent: vrijdag 22 mei 2009 19:16 To: OpenUpload Delvel and General talk Subject: Re: [openupload-devel] New Plugin: account_expire Hi Jochen, I'm not really convinced about this. Though coding is correct (only minor fixes), the plugin must be enabled also for admins to be used in the administration page. Imho, we should differenciate between plugins for functionality, and administration. Won't commit it right now. I'll have a look in the next few days on how to fix this. I already thought that a module and a plugin should handle the administration of itself, and not the admin module. That's another thing I want to change for 0.5 Ciao, Alessandro P.S. I suppose you are coding on Windows as I had some troubles finding out that the directory for the templates was called accountExpire and not accountexpire. Please use all lowercase for the file/directories. Jochen Derwae ha scritto: > Dear Alessandro, > > I've finally come round to finishing the first version of the > account_expire plugin. The administrator can now enter an expiration date in the user form. > This date is checkec when the user tries to log on, to allow or deny > authentication. > > I did have to make some minor changes to the admin module (to call and > display plugins in the useredit method) in order to get this plugin to work. > The code I've provided is probably not up to the standards of the rest > of the code base. I think mostly acl is missing from this plugin. I > would still appreciate it if you could take a look and tell me what you think. > > I'm going to work on assigning files to groups now, I might do it > differently then what you had in mind, due to the database code not > being able to do joins. Anyway, I'll patch something together (-: > > Thanks, > Jochen > > > ---------------------------------------------------------------------- > -- > > ---------------------------------------------------------------------- > -------- Crystal Reports - New Free Runtime and 30 Day Trial Check out > the new simplified licensing option that enables unlimited > royalty-free distribution of the report engine for externally facing > server and web deployment. > http://p.sf.net/sfu/businessobjects > > > ---------------------------------------------------------------------- > -- > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel ---------------------------------------------------------------------------- -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ Openupload-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Alessandro B. <ts...@br...> - 2009-05-22 17:16:17
|
Hi Jochen, I'm not really convinced about this. Though coding is correct (only minor fixes), the plugin must be enabled also for admins to be used in the administration page. Imho, we should differenciate between plugins for functionality, and administration. Won't commit it right now. I'll have a look in the next few days on how to fix this. I already thought that a module and a plugin should handle the administration of itself, and not the admin module. That's another thing I want to change for 0.5 Ciao, Alessandro P.S. I suppose you are coding on Windows as I had some troubles finding out that the directory for the templates was called accountExpire and not accountexpire. Please use all lowercase for the file/directories. Jochen Derwae ha scritto: > Dear Alessandro, > > I've finally come round to finishing the first version of the account_expire > plugin. The administrator can now enter an expiration date in the user form. > This date is checkec when the user tries to log on, to allow or deny > authentication. > > I did have to make some minor changes to the admin module (to call and > display plugins in the useredit method) in order to get this plugin to work. > The code I've provided is probably not up to the standards of the rest of > the code base. I think mostly acl is missing from this plugin. I would still > appreciate it if you could take a look and tell me what you think. > > I'm going to work on assigning files to groups now, I might do it > differently then what you had in mind, due to the database code not being > able to do joins. Anyway, I'll patch something together (-: > > Thanks, > Jochen > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables > unlimited royalty-free distribution of the report engine > for externally facing server and web deployment. > http://p.sf.net/sfu/businessobjects > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: Alessandro B. <ts...@br...> - 2009-05-17 18:49:44
|
odd, but ok. Alessandro jac...@ya... ha scritto: > I don't think so. After I got everything working, I changed the code > back to the original and everything seems to be functioning properly. It > is possible I could have done something wrong in the original > install(s). I did a number of them and kept getting that IP Ban error > until I changed the code. I ran the install again and got in and then > changed the code back. Now all is working so far. > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables > unlimited royalty-free distribution of the report engine > for externally facing server and web deployment. > http://p.sf.net/sfu/businessobjects > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: <jac...@ya...> - 2009-05-17 18:42:44
|
I don't think so. After I got everything working, I changed the code back to the original and everything seems to be functioning properly. It is possible I could have done something wrong in the original install(s). I did a number of them and kept getting that IP Ban error until I changed the code. I ran the install again and got in and then changed the code back. Now all is working so far. |
|
From: Alessandro B. <ts...@br...> - 2009-05-17 18:19:21
|
just to be sure. Are you somehow obfuscating your IP? I sometime get a "unknown" ip from the server and was wondering if this is the case. So there's should be a default rule for the unknown IPs. Alessandro jac...@ya... ha scritto: > Thank you Alessandro! > > Changing the code got me in and on my way. > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables > unlimited royalty-free distribution of the report engine > for externally facing server and web deployment. > http://p.sf.net/sfu/businessobjects > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
|
From: <jac...@ya...> - 2009-05-17 15:56:54
|
Thank you Alessandro! Changing the code got me in and on my way. |
|
From: Alessandro B. <ts...@br...> - 2009-05-16 18:49:56
|
H Jochen, from a fast check it seems ok. I'll be looking at it later and get back to you. Thanks, Alessandro Jochen Derwae ha scritto: > Dear Alessandro, > > I've finally come round to finishing the first version of the account_expire > plugin. The administrator can now enter an expiration date in the user form. > This date is checkec when the user tries to log on, to allow or deny > authentication. > > I did have to make some minor changes to the admin module (to call and > display plugins in the useredit method) in order to get this plugin to work. > The code I've provided is probably not up to the standards of the rest of > the code base. I think mostly acl is missing from this plugin. I would still > appreciate it if you could take a look and tell me what you think. > > I'm going to work on assigning files to groups now, I might do it > differently then what you had in mind, due to the database code not being > able to do joins. Anyway, I'll patch something together (-: > > Thanks, > Jochen > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables > unlimited royalty-free distribution of the report engine > for externally facing server and web deployment. > http://p.sf.net/sfu/businessobjects > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openupload-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openupload-devel |
23 messages has been excluded from this view by a project administrator.
