Gives members the ability to upload attachments on their posts. This is an early beta release for review. Feedback, bug reports, feature ideas, improvements are encouraged. Please note there are important security considerations when allowing uploads of any kind to your server.
bbPress Plugin Browser »
bbPress Attachments (0.2.7)
Download
Version: 0.2.7
Last Updated: 2009-4-9
Requires bbPress Version: 0.9 or higher
Compatible up to: 0.9
Average Rating
Your Rating
Author: _ck_
-
Feedback, bug reports are encouraged.
Note the default upload level is set to moderators in the beta for safety (which you can change).
Future releases will allow inline image viewing and auto-creation of thumbnails (requires much more time to code).
A basic demo can be seen here:
http://bbshowcase.org/forums/topic/put-your-test-posts-here
(note you won't be able to download unless logged in and uploading is currently disabled until I can do more security tests to be certain)Posted: 1 year ago # -
Thanks for developing the plugin, but for me there are still some progress. I use the latest bbpress setup, the problem appears after i try to loadup the file:
Uploads
1. smartphone.jpg error: denied mimeAnd this happens to any file I try to upload. I created a directory for uploads in my ftp server at this level and set chmod to 777:
domains/orion.lt/bb-attachments
the usual place to store website files is in
domains/orion.lt/public_html
Maybe this is the reason i am having troubles? Thanks.
Posted: 1 year ago # -
It simply doesn't work with my current set-up. I don't know what's wrong? Anyone here who is successful in using this plug in?
Posted: 1 year ago # -
@ pofke, you did everything right - the error message is probably accurate, specifically about "mime". What's likely the cause is that the code that determines the mime is failing. My code tries two ways, an internal php command that is sometimes unavailable or via shell access. I need to know more about your setup, like if you are on shared hosting or a VPS and what version of PHP you have.
@ xeroxss, I need WAY more info. What do you mean "doesn't work" ? Does it appear? Are you able to upload but it says "failed" ? What happens?
Posted: 1 year ago # -
I've just discovered that windows based php systems won't have the "file" command so if they don't have "mime_content_type" the mime will always fail.
Try 0.0.7 and see if that manages to fix it for you.
If not, I will have to do a bit more research on a solution.Posted: 1 year ago # -
Hi!
thanks for helping out. The error remains though... i get the same message: 1. aims.gif (3.9 KB) error: denied mime
Here's PHP summary of the shared server i use: http://orion.lt.tunas.serveriai.lt/php/
I think there is probably some problem with the paths - it gives the same message also if i don't create any folder for attachments at all.
Thanks again
Posted: 1 year ago # -
Well you have all shell (exec) functions disabled, which is unfortunate but should be okay but still probably where the failure is. It means the previous two mime methods are also failing however which is bad.
If you have a non-writeable path you should get a "FAILED" message, not a mime error message but I guess it's remotely possible. It knows the filesize so it's at least getting into your temporary area.
Might be something with PHP 5.2.5, I will have to research. Can anyone confirm this working with PHP 5.2.5 ?
Posted: 1 year ago # -
pofke, run this on your website and copy the results here for me?
http://pastebin.com/m59f39038What I will probably do for sites without any mime support is simply determine if the file is a valid image or not. I need to grab the dimensions anyway, just haven't done the code for it yet.
Posted: 1 year ago # -
/home/orion/domains/orion.lt/public_html/php/ck.php
disabled functions: symlink, exec, passthru, proc_close, proc_get_status, proc_open, shell_exec, system, popen, pclose
mime_content_type: does not exist.
finfo_open: does not exist.
imgt: exists.
imgt: application/octet-stream
exec: does not exist.Posted: 1 year ago # -
Okay I am working on a workaround, should have it up within the next 10 minutes or so.
In your case it will only allow images until I can figure out a way to detect plain text and other types without full mime support.
Look for 0.0.8 and give it a try.
Posted: 1 year ago # -
Is it possible to have a hack for zip files? Images probably are not as relevant in my case.
Posted: 1 year ago # -
Well you can edit the options to allow mime type
application/octet-streamwhich should allow any binary.In theory the file extensions will prevent people from directly uploading .exe and other executables directly.
First try 0.0.8 without
application/octet-streamand if it allows images but not zip, that means it's using the imagetype fallback and you'll need to allowapplication/octet-streamPosted: 1 year ago # -
It works with the images - thanks!
However i am not very experienced and did not fully understand your last post about editing the options to allow any file type. Should I alter the plugin file or something else?
Posted: 1 year ago # -
I think I goofed, you might have to re-download 0.0.8 again.
What you'll need to edit is:
$bb_attachments['allowed']['mime_types']['default']=array('text/plain', 'image/jpeg', 'image/jpg', 'image/png', 'image/gif');near the top and change it to
$bb_attachments['allowed']['mime_types']['default']=array('application/octet-stream','text/plain', 'image/jpeg', 'image/jpg', 'image/png', 'image/gif');See the
application/octet-streamin there?
You'll have to add it for mod and admin too if you want it. In fact you might want to consider ONLY adding it to mod and admin.(remember to re-download and re-install 0.0.8 again, I changed something)
Posted: 1 year ago # -
Yep, now it works :) Thanks a lot - your help was very useful. It's great to have committed people working on making BBpress better. Keep up the good work!
Posted: 1 year ago # -
_ck_: I noticed in your code that you aren't trying to get the mime type from the
$_FILEScollection. The mime-type is here (where 'userfile' is the name of the file input element):$_FILES['userfile']['type']Posted: 1 year ago # -
Never rely on the uploaded info from the browser. It's the first thing an attacker can spoof. The
['type']is not determined by the server-side - it's what the client-side browser suggests it is and therefore untrustworthy.Posted: 1 year ago # -
Holy cats. I just logged in here to look for some theme plugins, and lo and behold, what is happening? A glorious File Attachments plugin!!! I'm ridiculously pleased that this plugin is under construction and I can't wait to try it on my forums!
Posted: 1 year ago # -
Sorry guys, I've been busy for a while and didn't manage to check this thread so my problem before is that is it simply didn't appear on my site meaning no display whatsoever for attachment link. I re-check everything from installations of the script and editing the edit-post.php and by just following this thread and running the script posted by @_ck_. I can finally say that its tested and working with the same server configuration as describe above.
The output of the script posted above is here:
/home/egdesign/public_html/test.php
disabled functions:
mime_content_type: exists.
mct: text/plain
finfo_open: does not exist.
imgt: exists.
imgt: application/octet-stream
exec: exists.
exec: text/plain; charset=us-ascii
So I just need to edit the bb-attachment.php for the configuration I want.
see it here: http://www.eg-designstudio.com/main/forum/Thanks _ck_
Posted: 1 year ago #
Add a Comment »
You must log in to post.