openupload-devel — Development and general discussion

[openupload-devel] blank page displayed after login in

[Frank B. <f.b...@es...>]

Hello

I've just installed openupload on ubuntu server 10.04 LTS

the login page is well displayed but after login in a blank
page is displayed ...

apache error logs don't show anything


Any info welcome !

[openupload-devel] Successful installation with MySQL

[Paul A. <pa...@ha...>]

I used the Open Upload interface to install the application and a mysql 
database - only to receive this error message:

query failed: SELECT * FROM `langs` WHERE `active`="1" ORDER BY id

I read a suggestion that you set the db to "restricted mode" - which 
I've done, and the problem persists.

I admit to being a complete newb here - and would appreciate your 
patient assistance.

Re: [openupload-devel] Problem with Banned

[Alessandro B. <ts...@br...>]

On Tue, 13 Sep 2011 13:55:54 +0100, Steve Allum wrote:
> Hi
>
> Just playing with openupload as it looks like a real answer to a
> problem we have had for a while.
>
> I have it up and running on a trial server and while I need to look
> at the some of the options like captcha because I don't gave GD
> installed, I am very impressed with the ease of use and 
> fuunctionality
>
> My problem is with the banned addresses plugin.
>
>>From my testing the deny/allow list held in banned.txt seems to work 
>> on the order the entries exist rather than the priority given
>
> For example the standard file shows
>
> id|ip|access|priority
> 1|127.0.0.1|allow|1
> 2|0.0.0.0/0|allow|999
>
> Adding another entry using the Gui changes it to
>
> id|ip|access|priority
> 1|127.0.0.1|allow|1
> 2|0.0.0.0/0|allow|999
> 3|10.60.10.244|deny|5
>
> The final entry is my own internal IP and I am not blocked. It
> appears that the entry at 2 overrides the antry at 3 despite the
> priorities.
>
> I tested by manually editing the banned.txt file to put the rules in
> what looks like the correct order
>
> id|ip|access|priority
> 1|127.0.0.1|allow|1
> 2|10.60.10.244|deny|5
> 3|0.0.0.0/0|allow|999
>
> In this format everything works as expected and my address is banned
> but everything else is allowed.
>
> Is this a known bug? Have I got a config error?
>
> Thanks
>

Hi Steve,
this is a specific problem/bug with the txt database backend which does 
not sort based on the priority.

Changing database backend, whould fix it.

Alessandro

[openupload-devel] Problem with Banned

[Steve A. <Ste...@le...>]

Hi

Just playing with openupload as it looks like a real answer to a problem we have had for a while.

I have it up and running on a trial server and while I need to look at the some of the options like captcha because I don't gave GD installed, I am very impressed with the ease of use and fuunctionality

My problem is with the banned addresses plugin.

>From my testing the deny/allow list held in banned.txt seems to work on the order the entries exist rather than the priority given

For example the standard file shows

id|ip|access|priority
1|127.0.0.1|allow|1
2|0.0.0.0/0|allow|999

Adding another entry using the Gui changes it to

id|ip|access|priority
1|127.0.0.1|allow|1
2|0.0.0.0/0|allow|999
3|10.60.10.244|deny|5

The final entry is my own internal IP and I am not blocked. It appears that the entry at 2 overrides the antry at 3 despite the priorities.

I tested by manually editing the banned.txt file to put the rules in what looks like the correct order

id|ip|access|priority
1|127.0.0.1|allow|1
2|10.60.10.244|deny|5
3|0.0.0.0/0|allow|999

In this format everything works as expected and my address is banned but everything else is allowed.

Is this a known bug? Have I got a config error?

Thanks

Steve

_______________________________________________________________________________________________________________
Leicestershire County Council - Council of the Year 2009
_______________________________________________________________________________________________________________
This e-mail and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this e-mail is prohibited and may be unlawful. If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.
Incoming and outgoing e-mail messages are routinely monitored for compliance with Leicestershire County Council's policy on the use of electronic communications.   The contents of e-mails may have to be disclosed to a request under the Data Protection Act 1998 and the Freedom of Information Act 2000.
The views expressed by the author may not necessarily reflect the views or policies of the Leicestershire County Council.
Attachments to e-mail messages may contain viruses that may damage your system. Whilst Leicestershire County Council has taken every reasonable precaution to minimise this risk, we cannot accept any liability for any damage which you sustain as a result of these factors. You are advised to carry out your own virus checks before opening any attachment.

[openupload-devel] Script injection vulnerability

[Alessandro B. <ts...@br...>]

Please update your installations with this commit / patch to avoid
security concerns.

Alessandro

-------- Messaggio originale --------
Oggetto: [Openupload-svn-update] SF.net SVN: openupload:[395]
branches/v0.4/www/index.php
Data: Fri, 09 Sep 2011 10:54:42 +0000
Mittente: ts...@us...
A: ope...@li...

Revision: 395
          http://openupload.svn.sourceforge.net/openupload/?rev=395&view=rev
Author:   tsdogs
Date:     2011-09-09 10:54:41 +0000 (Fri, 09 Sep 2011)
Log Message:
-----------
fix script injection BUG: 3406693

Modified Paths:
--------------
    branches/v0.4/www/index.php

Modified: branches/v0.4/www/index.php
===================================================================
--- branches/v0.4/www/index.php	2011-02-28 17:08:12 UTC (rev 394)
+++ branches/v0.4/www/index.php	2011-09-09 10:54:41 UTC (rev 395)
@@ -54,6 +54,12 @@
 } else {
   $step = '';
 }
+
+ /* sanitize the user input a bit more */
+$action = htmlentities($action);
+$step = htmlentities($step);
+if (!is_numeric($step)) $step = 1;
+
 $configfile = 'config.inc.php';
 if (defined('__NOT_MAIN_SCRIPT'))
   $configfile = 'www/'.$configfile;

This was sent by the SourceForge.net collaborative development platform,
the world's largest Open Source development site.


------------------------------------------------------------------------------
Why Cloud-Based Security and Archiving Make Sense
Osterman Research conducted this study that outlines how and why cloud
computing security and archiving is rapidly being adopted across the IT
space for its ease of implementation, lower cost, and increased
reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
_______________________________________________
Openupload-svn-update mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openupload-svn-update

Re: [openupload-devel] SSL (https) issue

[Alessandro B. <ts...@br...>]

Il 23/08/2011 18:36, Eric Kelly ha scritto:
> Has anyone ever tried using Openupload with ssl?  I just did, and I'm getting a php parse error.  Any ideas as to why this is happening or what I can do about it?

I have it working correctly,
What's the parse error? what line and file?

Alessandro

Re: [openupload-devel] SSL (https) issue

[Weir, J. <jas...@nh...>]

I'm using it with SSL without issue...  Sounds like a php config problem

-J

> -----Original Message-----
> From: Eric Kelly [mailto:ek...@tr...] 
> Sent: Tuesday, August 23, 2011 12:36 PM
> To: ope...@li...
> Subject: [openupload-devel] SSL (https) issue
> 
> 
> Has anyone ever tried using Openupload with ssl?  I just did, 
> and I'm getting a php parse error.  Any ideas as to why this 
> is happening or what I can do about it?
> 
> -Eric


_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.

[openupload-devel] SSL (https) issue

[Eric K. <ek...@tr...>]

Has anyone ever tried using Openupload with ssl?  I just did, and I'm getting a php parse error.  Any ideas as to why this is happening or what I can do about it?

-Eric

Re: [openupload-devel] AD/LDAP

[Alessandro B. <ts...@br...>]

On Sun, 14 Aug 2011 06:22:30 -0700, Noam Brosh wrote:
> Good day,
>
> Regarding -
> 
> http://sourceforge.net/mailarchive/forum.php?thread_name=4A96A62E.4050600%40briosix.org&forum_name=openupload-devel
> And -
> 
> http://sourceforge.net/tracker/?func=detail&aid=3042088&group_id=242018&atid=1117805
>
> I'm running openupload on a linux machine.
>
> I am able to authenticate versus AD. However, like others have said
> before me - every user has only upload, my files and login options.
> After playing a bit with the PHP AD code, I re-created the groups to
> match those I want(IE, domain users and domain admins), to registered
> and administrators group. I also changed the CN to samaccountname.
> After changing the auth' method to ldap again, I now see that users
> have the options of logging out which is new.
>
> Unfortunately, still - the system doesn't notice whether the user is
> a member of domain users or domain admins which leaves no way of
> managing the system(unless you revert back to 'defau't auth' mode or
> give the ANY group admin rights).
>
> Is there anything new about this? Maybe another method to try?
>
> Cheers,

AD has created many troubles to many people, and it's all a matter of 
having the ldap search for user and usergroups to be correct.

The easyest is to setup the default auth with the same group names as 
you'll be using in AD. By default the AD code puts the user in "Domain 
Users" group, which is very likely to be correct.
So the thing is that for some reason the ldap search is not finding to 
which groups the users belong, probably some problem with the mappings 
or some differences in the AD schema, in fact I have found that
the 2000, 2003 and 2008 schema differ and might lead to problems in the 
search.

There are many other requests for support on AD and in there there is 
the configuration I used and is working with a 2003 AD

Alessandro

[openupload-devel] AD/LDAP

[Noam B. <Noa...@ha...>]

Good day,

Regarding - http://sourceforge.net/mailarchive/forum.php?thread_name=4A96A62E.4050600%40briosix.org&forum_name=openupload-devel
And - http://sourceforge.net/tracker/?func=detail&aid=3042088&group_id=242018&atid=1117805

I'm running openupload on a linux machine.

I am able to authenticate versus AD. However, like others have said before me - every user has only upload, my files and login options. After playing a bit with the PHP AD code, I re-created the groups to match those I want(IE, domain users and domain admins), to registered and administrators group. I also changed the CN to samaccountname. After changing the auth' method to ldap again, I now see that users have the options of logging out which is new.

Unfortunately, still - the system doesn't notice whether the user is a member of domain users or domain admins which leaves no way of managing the system(unless you revert back to 'defau't auth' mode or give the ANY group admin rights).

Is there anything new about this? Maybe another method to try?

Cheers,

Re: [openupload-devel] Remove Link

[Alessandro B. <ts...@br...>]

Il 04/08/2011 09:12, Matthias Thyroff ha scritto:
> Dear Alessandro,
> 
> after having installed Open Upload, I have just two questions, I do not 
> want to flood you with emails, but I'll put them in seperate mails to 
> have seperate threads where necessary.
> 
> So my question (well, observation, suggestion) is that I found something 
> strange about the remove links I send to my receivers.
> 
> I work in private mode, registered users send files, unregistered users 
> receive files.
> 
> Now when I send a file with a remove link, the unregistered usere is 
> asked to log in to remove the file. I think that does not make sense, a 
> captcha test would be enough, don't you think? Otherwise, it does not 
> make sense to send the link.
> 
> In terms of priority, I suppose this is low because for the moment, I 
> just don't send the link and delete the files by timer.
> 
> Thanks again, and best regards!
> 

Yes, but this is a permission bug as an unregistered user should be able
to remove a file if it has the link...

Alessandro

Re: [openupload-devel] Uploadprogress?

[Alessandro B. <ts...@br...>]

Il 05/08/2011 10:40, Matthias Thyroff ha scritto:
> Hello again,
> 
> sorry it seems it is just Opera where the progress is not shown, it 
> works in IE.
> 
> Thanks again for the great tool!
> 

Yep Opera seems to crash with svn version :) and that's absolutely an
Opera bug

Alessandro

Re: [openupload-devel] Uploadprogress?

[Matthias T. <no...@th...>]

Hello again,

sorry it seems it is just Opera where the progress is not shown, it 
works in IE.

Thanks again for the great tool!

Matthias

Am 04.08.2011 09:12, schrieb Matthias Thyroff:
> Dear Alessandro,
>
> I have just installed your Open Upload and I find it is great! Exactly
> what I need (well, almost, see below) and I am really happy that I have
> found it. So THANK YOU! for putting this up!
>
> After having solved my problem with large files (my provider was so kind
> to increase the upload limit on my shared hosting server), I have just
> two open questions.
>
> First, I read about a progress bar thing that should be visible
> somewhere while uploading. I can't see it.
>
> When I upload a file, the page with the filename text box and the upload
> button stays visible with a sandclock mouse pointer (which now is a
> rotating circle mouse pointer) and then I get forwarded to the next page
> where I enter the other information for sending the file. No progress bar!
>
> I have
>
> $CONFIG['progress'] = 'uploadprogress';
>
> in my config file.
>
> Is there something I need to configure?
>
> Best regards from Germany!
>
> Matthias
>
> ------------------------------------------------------------------------------
> BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
> The must-attend event for mobile developers. Connect with experts.
> Get tools for creating Super Apps. See the latest technologies.
> Sessions, hands-on labs, demos&  much more. Register early&  save!
> http://p.sf.net/sfu/rim-blackberry-1
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

[openupload-devel] Remove Link

[Matthias T. <no...@th...>]

Dear Alessandro,

after having installed Open Upload, I have just two questions, I do not 
want to flood you with emails, but I'll put them in seperate mails to 
have seperate threads where necessary.

So my question (well, observation, suggestion) is that I found something 
strange about the remove links I send to my receivers.

I work in private mode, registered users send files, unregistered users 
receive files.

Now when I send a file with a remove link, the unregistered usere is 
asked to log in to remove the file. I think that does not make sense, a 
captcha test would be enough, don't you think? Otherwise, it does not 
make sense to send the link.

In terms of priority, I suppose this is low because for the moment, I 
just don't send the link and delete the files by timer.

Thanks again, and best regards!

Matthias

[openupload-devel] Uploadprogress?

[Matthias T. <no...@th...>]

Dear Alessandro,

I have just installed your Open Upload and I find it is great! Exactly 
what I need (well, almost, see below) and I am really happy that I have 
found it. So THANK YOU! for putting this up!

After having solved my problem with large files (my provider was so kind 
to increase the upload limit on my shared hosting server), I have just 
two open questions.

First, I read about a progress bar thing that should be visible 
somewhere while uploading. I can't see it.

When I upload a file, the page with the filename text box and the upload 
button stays visible with a sandclock mouse pointer (which now is a 
rotating circle mouse pointer) and then I get forwarded to the next page 
where I enter the other information for sending the file. No progress bar!

I have

$CONFIG['progress'] = 'uploadprogress';

in my config file.

Is there something I need to configure?

Best regards from Germany!

Matthias

[openupload-devel] Downloading from Blackberry issues

[Weir, J. <jas...@nh...>]

Anyone having issues opening documents from openupload on a blackberry
or other smart phone?

Sometimes I get invalid content type, if I save to the blackberry and
open it manually seem to work fine..

-J
Jason Weir
Systems Administrator
New Hampshire Retirement System
Concord, NH 03301
(603)-410-3634 


_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.

[openupload-devel] FR local patch

[Daniel B. <da...@fi...>]

Hi.

Here's a patch which fix some errors in the french localization file.

Regards, Daniel

-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: da...@fi...
Web : http://www.firewall-services.com

Re: [openupload-devel] Open id sign-in

[Alessandro B. <ts...@br...>]

On Wed, 08 Jun 2011 14:55:27 +0200, Gianni Cerato wrote:
> Hello, is it possible implementing open upload project with open id
> sign-in (to get user registering more quick and easy?Thank you in
> advance..
> Regards
> Gianni Cerato

Yes it is, but unless somebody volunteers there are other aspects that 
need attention first.

Alessandro

Re: [openupload-devel] Download stats

[Alessandro B. <ts...@br...>]

On Thu, 9 Jun 2011 09:49:25 -0500, Landers, Paul wrote:
> Is there currently any way to display another column on the "My
> Files" page to show each user how many times each of their files has
> been downloaded instead of requiring an to Admin check the Logs page?
>
> Paul Landers

Hi Paul,
no not really, but through a plugin it could be easily done.

Alessandro

[openupload-devel] Open id sign-in

[Gianni C. <in...@gi...>]

Hello, is it possible implementing open upload project with open id
sign-in (to get user registering more quick and easy?Thank you in
advance..
Regards
Gianni Cerato 

[openupload-devel] Download stats

[Landers, P. <pau...@tt...>]

Is there currently any way to display another column on the "My Files" page to show each user how many times each of their files has been downloaded instead of requiring an to Admin check the Logs page?

Paul Landers

Re: [openupload-devel] Virus checker

[Alessandro B. <ts...@br...>]

Check here for the mailing list.

> https://lists.sourceforge.net/lists/listinfo/openupload-devel


Alessandro

[openupload-devel] Virus checker

[Eric K. <ek...@tr...>]

I implemented a basic virus checker.  The code is pasted below:

<?php

/* Virus check implemented by Eric Kelly */

class virusCheckPlugin extends OpenUploadPlugin {

	function virusScan($files) {
	
		$virus = false;
    	$msg = '';
    	
    	foreach ($files as $file) {
    		$retcode = cl_scanfile($file['tmp'], $virusname);
    		if($retcode == CL_VIRUS) {
    			$virus = true;
    			if(empty($msg)) {
    				$msg = 'Virus found!  File(s): ' . $file['name'];
    			} else {
	    			$msg = $msg . ', ' . $file['name'];
    			}
				unset($retcode);
				unset($virusname);
    		}
    	}
    
    	if ($virus) {
  			app()->log('warning','uploadOptions','','DENY',$msg);
	    	app()->error(tr($msg));
		} 
  		return $virus;
    }

	function virusCheckPlugin() {
		$this->description = tr('Scans all uploaded files for viruses');
	}
	
	function uploadOptions(&$finfo, $acl) {
		$this->loadConfig();
		if ($acl == 'enable') {
			return !($this->virusScan($finfo));
		} else {
			return true;
		}
	}

}
?>


And yes, I do know there is another plugin submitted... but I didn't notice that before I wrote this.

-Eric

P.S.  Also, how would I gain access to the openupload-devel mailing list?  I'd like to contribute more.

Re: [openupload-devel] Openupload questions

[Alessandro B. <ts...@br...>]

Hi,

On Thu, 19 May 2011 09:15:31 -0400, Eric Kelly wrote:
> I have set up openupload with LDAP, and everything appears to be 
> working.
>
> However, I have a couple questions regarding customization.
>
> 1. Is there any way to have a custom expiration date on a per file
> basis? Yousendit allows the user to select when they want the file to
> expire from a dropdown.  Even if it isn't built in, could you give me
> some information on how you would recommend that I add it?
>
Check the expire plugin, and implement one that does set the expiration 
date based on user input.
For the template (to get the input) you could check the password 
plugin.

> 2. When editing rights, what is the action [default] for?

This means the default for all the actions in the module
example you can set the entire files module to be denied by default, 
but you can allow the listing of files (l), by setting the default to 
deny and l to allow and all the others to "-" which means take from the 
default or from other groups if default is not specified.

the resulting part explains what the result would be and from what it 
takes the info.

Hope it's clear enough.

Alessandro

Re: [openupload-devel] Installation problem

[Alessandro B. <ts...@br...>]

On Sun, 22 May 2011 20:06:42 +0200, Peter Rahe | Rahe-Kraft.de wrote:
> Intallation worked fine so far...except the SQL dump, wich I did 
> manually.
>
> I imported the structure and the public.sql script.
>
> When I open index.php I get a banned IP warning, when I manually
> enter my IP as allowed into the banned table the warning desapears.
>
> But then a authentivcation warning comes up -- what goes wrong here?
>
> mit freundlichen Grüßen | Best regards | ?? ???? ???????
>

Hi,
probably something is missing from your database installation.

If you imported the database manually (you probably did not select the 
correct configuration in the installation drop down)

Imho you are missing some kind of import in the database. Have you done 
the 1 2 and 3 steps?

The user in the manual import is admin with password admin.

Let me know if this works.

Alessandro