Proposed method for file attachments and uploads
-
File uploads and attachments: like many others, I am highly interested in such a plugin. While I agree with the intent of the developers to keep bbPress light and awesome (which it is,) it certainly seems a shame to have to abandon bbPress because it does not provide for file uploads.
It’s my understanding that each post is given a unique identifier, visible as a URL parameter: id=38 for post 38, id=39 for post 39, etc.
Functionally, it seems a matter of creating an /uploads folder, and using a PHP upload/file management script to create a folder with the same name of the post ID in the /uploads folder.
I think one could add some PHP code in the topic page loop to parse the /uploads folder for folders whose names match the numbers of the post id’s displayed on that page, if-then display links to any files contained within those folders, if-not, then don’t.
Do I have the technical know-how to pull this off? Of course not. I barely got the forums installed and avatar plugin running on my server. But others lurking here with any PHP ninja skills might be able to.
Of course, there might be horrendous security risks that I’m not thinking of with this method. And the PHP code that scans the uploads folder for foldernames that match post id’s might ridiculously slow down the forums, as it constantly scans the filesystem instead of performing a quick database lookup.
But it might be a good start. Between all of us here in these forums, I am confident that we’ll eventually stumble across this much-needed functionality. Necessity is a mother…
-
I think one could add some PHP code in the topic page loop to parse the /uploads folder for folders whose names match the numbers of the post id’s displayed on that page, if-then display links to any files contained within those folders, if-not, then don’t.
Probably more expedient to just check if folders with any of the post-ids as name exist; if then the operating system or whatever has to run through the entire folder to look, at least you’re handing the task to someone competent.
If you want this done, I suggest you look at some PHP examples and do it. The hard part of programming is not knowing the language, but figuring out the solution.
Think of attachments just like avatar uploads except they are attached to posts instead of users. Also, the interface has to be attached to the create/edit post instead of the profile. But it’s almost that “simple”.
However there are indeed huge security risks.
Anytime you have a 777 folder somewhere it can be dangerous and filetypes need to be filtered outside of their extension, etc.
(and no, this is one plugin I won’t be coding)
Does anyone know how other forum software handles file attachments and uploads safely?
*crickets*
I’m not sure about forum software, but I know about file uploads based on other work I’ve done.
Typically the idea is to always rename the files when they are uploaded and before you save them anywhere, only allow certain file types, limit the size, and make sure permissions are set correctly. Usually you should trigger some type of anti-virus software to scan the directory and make sure nobody is posting viruses.
By ignoring the the filenames passed in, you prevent anybody from being able to pass in filenames containing “../” or something like that to write to other directories. You can do a regex and/or mime type check to see what type of file it is so you can name the extension correctly.
Only allowing certain file types is probably a good idea, and making sure to scan files with antivirus is also extremely necessary.
What I’ve been considering is writing an attachments plugin that only allows images to be uploaded by regular users, but moderators can attach zipfiles as well. The idea there is that moderators can be trusted, and there’s fairly little risk in uploading images (we do it for avatars today)
Again, essentially the avatar upload plugin does all this (filename scrubbing, etc) the code would just need to be hacked to make it attach to posts instead of users and the interface would have to be on the create/edit post form (which if I remember from my signatures plugin has no action hook unfortunately and templates will need to be edited). “Avatar Upload” even checks filenames and the php code checks dimensions which ensures it’s really an image. Other filetypes like zips or pdf would be more tricky but just an extension of the process – first start with images and work from there once you have it running.
I’d like to see this happen, but don’t look at me for coding, I hope someone else steps up to the plate. Got my hands full right now with “Super Search” which is quite difficult on all sorts of issues. I won’t be done with it for a week or two at earliest, more realistically the rest of February.
I can’t speak for the world at large, but I think that many people might be passing up a great product (bbpress) because they are looking for forum software with a few more “essential” features. A great number of other forum packages on the ForumMatrix offer multiple file attachments, and while I agree with the developer’s dream of keeping this thing nice and lite and agile, I think anytime a red X on the ForumMatrix is eliminated, it increases the overall appeal of bbpress to the forum dev community.
HowToGeek, I don’t know how much use I’d be to you as a coder, but I’m willing to do whatever I can to help you start a plugin like this.
(which if I remember from my signatures plugin has no action hook unfortunately and templates will need to be edited)
No, there’s been hooks for the post form for as long as I can remember.
pre_post_form
post_form
post_post_form
Charlie: ticking off boxes because other software ticks those boxes is feature creep. Goes against, as you say, what bbpress is about. And even if it didn’t, it makes no sense; feature ideas should be evaluated on their own merits. I’m not saying attachments shouldn’t make it in (personally, I don’t much like file attachments), but that you can make a much much better case for it than saying that it’s a square on the Forum Matrix that bbpress doesn’t have.
Fel64, you are totally right. That wasn’t so much an appeal to inferiority as it was an appeal to the bandwagon: I simply think people tend to judge a product based on what’s included, moreso than what’s excluded. I could have worded that better.
I could try to make a better case for an attachments plugin, but I run the risk of becoming “that crazy dude who’s always whining about attachments.” Besides, I don’t feel like I should try to argue the point, because I don’t really hear anyone arguing *against* it.
The best case I can see for any plugin is a chorus of users singing the same tune, asking for such an extension and offering what resources they have to contribute to it. I appreciate the input from everyone on this discussion, and hope we can continue it to the eventual development of this feature. As I mentioned before, I will look at the code, and do what I can (hack around) but then I’ll run the risk of being “that crazy dude who thought he could write a file attachment plugin.”
Which might be slightly better than being the dude who was just whining about not having one. But still.
We almost certainly won’t write this into core, but if someone wants to write this and they are missing the necessary filters/actions in core to do it we can easily add those for them.
Sam, this is great news. I’m not a coder but I’m fairly good with CSS. I could help with writing classes for some of the more popular themes.
bbPress seems to be the ONLY forum software that I’ve been testing which does not have this feature.
In fact, the ability to attach items to forum posts (as well as the administrative authority to limit the size of these attachments) seems critical to almost any forum – especially ones that I have setup for clients.
I would consider this more important than an avatar. It should be a high priority on the development list for the forum – a feature, not a plug-in.
From what I’ve seen, yetanotherforum.net handles attachments very well – but I prefer the look of bbpress.
Let’s put the pressure on bbpress dev teams…
Anyone else have good experiences with a forum that allows image attachments?
I don’t want this functionality included in bbPress. Do it with a plugin. Keep bbPress lean. That’s my vote.
I would be in favor of an attachment plug-in
Ok for a plug-in yeah….
We could try to appeal to the mercy of whoever the current plug-in coders are. I’ve seen something at TextDrive where a group would donate some money into a pool for development purposes.
I think it’d be great if they added the “Ideas” feature here at bbPress like they have for WordPress also.
Alright, I’ll start working on this.
It won’t be feature rich at start but I’ll give you some basic functionality in a few days.
I’m putting my money where my mouth is, and donated $50 to _ck_ towards the development of this plugin.
Thanks for starting this _ck_, it will be a welcome plugin addition.
Whoa, $50 AUS? That’s like half a million US $ right now! I could buy 3, maybe even 4 gallons of gas (if I owned a car) LOL!
Seriously though, many thanks, that’s a massive donation. Now I feel guilty like I have to make this an amazing plugin. Hope I can live up to it. I should have an early alpha for review Sunday or Monday night…
It was USD$50
I say just get it up to a usable state and out the door. Then we can all work on making it better over time.
I’ve got a skeleton prototype working already but I have an important question:
In Right-To-Left languages, filenames are still left-to-right, correct? ie. it’s never gif.filename, always filename.gif ?
Sounds silly but you never know… I mean how does Chinese or Japanese handle filenames?
_ck_ you are wonderful
Very early sneak preview:
http://img156.imageshack.us/img156/8615/bbattachmentspreviewpv0.png
I donated towards this plugin as well. Very happy to see this being worked on!
@Everybody: You can donate directly to _ck_ with this link:
I’m glad the donation idea is working.
- You must be logged in to reply to this topic.