I committed the file uploads modules to SVN. The upload.php module needs a bit of work in the security area. Right now it just checks for a case id and an owner id, not for login.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Awesome! I made a slight change to it on my installation that fixed a couple problems:
1. Cread the uploads directory in the paradb directory. Sounds like a no-brainer, but the instruction wasn't there, so I thought I'd add it.
2. Change `copy($HTTP_POST_FILES,"uploads/".$case."-".$owner."-".$newname);` to `copy($HTTP_POST_FILES,"uploads/".$case."-".$owner."-".$HTTP_POST_FILES);`
I know you had the escape sequence to add some security, but the filenames all got truncated as $newname came out null.
Now the only other major wishes I have for ParaDB are a "Lead (No Investigation)" case type and configurable stylesheets/logo. Looking goo so far.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hm… Trying to figure out right now why $newname is coming up null for you. Just trusting HTTP_POST_FILES for the name is asking for trouble (uploading php files, cgi, etc)…
I think $newname is coming null due to invalid mime types. Gotta look, and will get back about it.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I added the new files to upload files and I see the link on my test case file. When I click the link it does bring upo the page. I search for a file and click the subnit but all I get is "Not a valid entry point". I am guessing it is not getting the case_id and or owner_id.
Also now unlike before anytime the cursor is stationary the info for the "user statistics" pops up
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
There are some other changes to other files(templates/report_form.inc.php) as well. You would need more than the uploads.php file to enable it. So, yes, it's dying because it's not getting the valid information (slight security).
To test, you can pass user_id and case_id over the URL, but the files will not display in the case screen.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
sorry my mistake. I had done that I redid 4 files in all and had added the upload folder. Added upload.php, reportsdb.inc.php, report_form.inc.php and header.inc.php from the SVN.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I committed the file uploads modules to SVN. The upload.php module needs a bit of work in the security area. Right now it just checks for a case id and an owner id, not for login.
Awesome! I made a slight change to it on my installation that fixed a couple problems:
1. Cread the uploads directory in the paradb directory. Sounds like a no-brainer, but the instruction wasn't there, so I thought I'd add it.
2. Change `copy($HTTP_POST_FILES,"uploads/".$case."-".$owner."-".$newname);` to `copy($HTTP_POST_FILES,"uploads/".$case."-".$owner."-".$HTTP_POST_FILES);`
I know you had the escape sequence to add some security, but the filenames all got truncated as $newname came out null.
Now the only other major wishes I have for ParaDB are a "Lead (No Investigation)" case type and configurable stylesheets/logo. Looking goo so far.
Hm… Trying to figure out right now why $newname is coming up null for you. Just trusting HTTP_POST_FILES for the name is asking for trouble (uploading php files, cgi, etc)…
I think $newname is coming null due to invalid mime types. Gotta look, and will get back about it.
I added the new files to upload files and I see the link on my test case file. When I click the link it does bring upo the page. I search for a file and click the subnit but all I get is "Not a valid entry point". I am guessing it is not getting the case_id and or owner_id.
Also now unlike before anytime the cursor is stationary the info for the "user statistics" pops up
There are some other changes to other files(templates/report_form.inc.php) as well. You would need more than the uploads.php file to enable it. So, yes, it's dying because it's not getting the valid information (slight security).
To test, you can pass user_id and case_id over the URL, but the files will not display in the case screen.
It also requires the "uploads" folder to be created as well.
sorry my mistake. I had done that I redid 4 files in all and had added the upload folder. Added upload.php, reportsdb.inc.php, report_form.inc.php and header.inc.php from the SVN.
Let me pop up a SVN copy of everything and test it out some more.
that will be great I will do the changes again with the new files and let you know either way