iiinetworks

[CONTRIBUTION] File uploads as an Option Feature

483 posts in this topic

I am releasing a file uploading contribution. This will be the support thread for the contribution. More details will follow after I finish uploading to the contribution area.

 

Thanks,

Matt


Here is the web page for the contribution.

 

Essentially, this adds a file type to the existing four ways of displaying the attributes for a product with the Products Attributes - Option Type Feature contribution (drop down menu, text box, radio buttons, check box). One can use the standard HTML FILE input field (the one with the browse button) to upload a file to the server. The contribution will then rename it uniquely and store the original and new names in a database table.

 

The idea is so that you can upload logos, etc. for placement on things like mugs, t-shirts, and so forth. If you want different kinds of files, you might have to modify the code somewhat.

 

Hth,

Matt


Hi,

 

I just need to clarify, before I go and install this one . . .

 

Is it the customer that can upload the file so it is available to the admin? OR

Is it the admin that uploads the file so that it is available to the customer?

 

Regards,

Jarrod


Could you post a screenshot? Thanks for your work in advance :rolleyes:


I have a problem:

If I upload an image it is saved as a file without any extension.

The files are stored as "1", "2"... instead of "1.jpg" or "2.gif"

What's the reason? Maybe I made a mistake during the installation?

Hope for fast help!

> The files are stored as "1", "2"... instead of "1.jpg" or "2.gif"
>
> What's the reason? Maybe I made a mistake during the installation?

No, that's just the way it works. You can change this behavior by changing the following line in application_top.php (around 375):

                 $products_options_file->set_filename("$insert_id");

to (for example)

                  $products_options_file->set_filename("$insert_id" . $products_options_file->filename);

Hth,

Matt

> Is it the customer that can upload the file so it is available to the admin? OR
>
> Is it the admin that uploads the file so that it is available to the customer?

The customer uploads a file.

 

Hth,

Matt

> > The files are stored as "1", "2"... instead of "1.jpg" or "2.gif"
> >
> > What's the reason? Maybe I made a mistake during the installation?
>
> No, that's just the way it works. You can change this behavior by changing the following line in application_top.php (around 375):
>
>                  $products_options_file->set_filename("$insert_id");
>
> to (for example)
>
>                  $products_options_file->set_filename("$insert_id" . $products_options_file->filename);
>
> Hth,
>
> Matt

Thank you. Now it works ;)

But the next wish I have is to allow only some file extensions like gif or jpg...

The user shouldn't upload zip files or whatever...

I want only graphic and vector files..

How can I realise this?

 

Ron


I have tried to realise the extension thing by myself...

and it works.

I've changed the classes/upload.php

 

old code:

 

function upload($file = '', $destination = '', $permissions = '777', $extensions = '') {

 

 

new code:

 

function upload($file = '', $destination = '', $permissions = '777', $extensions = array("jpg", "jpeg", "gif", "png", "eps", "cdr", "ai", "pdf")) {

 

I'm happy ;)

 

 

but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use?


Great contribution !

 

And excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a PHP file (or any server-side executable file), and assuming that execute permission exists on the upload target directory: could be harmful!

 

Regards

> And excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a PHP file (or any server-side executable file), and assuming that execute permission exists on the upload target directory: could be harmful!

Execute permissions on a directory just allow a directory listing (without them, the directory is essentially useless). However, looking at the code, you are correct that there is a danger involved with possible uploading of executable files. To fix this, you can do three things: one, change line 18 of upload.php to say
, $permissions = '666',

two, add the $extensions default as suggested above (same line); three, copy the .htaccess file from the includes directory to the upload directory. Note: each of these is a separate (albeit related) vulnerability, so one should do all three rather than just one. I'll look into adding these in a replacement upload sometime next week, probably with a revised .htaccess file.

 

Hth,

Matt

Edited by iiinetworks

> but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use?

I'll try playing with the error messages next week as well. It might be as simple as moving the messageStack lines (around 523-6 of application_top.php) up above the switch (around line 329) and uncommenting the error lines from upload.php.

 

Hth,

Matt


My problem is that I use the older version MS1 of osc.. there exists no classes/message_stack.php

I've tried to copy the file to my classes but it doesn't work...

What can I do?


The simplest way to implement error messages for older snapshots would be to use a global variable, turn off the redirect at the end of the add_products case (at least on error), and react to the error on the product_info page.

 

Just to let you know, I find it unlikely at the moment that I will undertake a project to backport the messages to older snapshots. In fact, unless it is simple, it may be a while before I get around to making messages work for MS2.

 

Good luck,

Matt


Just noticed a weird thing in the 0.7 version of the code that I downloaded from the link above:

In application_top.php I see $products_options_file->set_destination(DIR_FS_UPLOAD); but in configure.php I see define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);

And of course when I add my item (with file input option) to my cart I get: Not writeable! DIR_FS_UPLOAD:

Changing to DIR_FS_UPLOAD (with no S at end) in configure.php helps.

Besides, in configure.php, the code has been changed compared to the original OSC file, from define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); to define('DIR_FS_CATALOG', $FS_DOCUMENT_ROOT . DIR_WS_HTTP_CATALOG);. I reset this back to the original code to have the contrib working, ... but I was wondering why these changes... ?


This is a great contribution and I managed to get everything generally working. It will be nice to generate some error messages on an invalid file type.

 

I have noticed one problem though. In the admin area when I try to change the "Value Price" for the upload (or any option) I get a SQL error:

 

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'products_options where products_options_id = '3'' at line 1

 

select products_options_type fro products_options where products_options_id = '3'

 

Any idea if this is just a problem on my system or how I would go about debugging it?


That bug is easy:

 

Just change "fro" to "from" in about line 134 in product_attributes.php in the admin code.


Update (v.71) released:

 

New feature: .htaccess for upload directory so that people cannot access those files

 

New feature: error messages enabled through messageStack mechanism

 

Change: file types limited to picture file types by default

 

Change: file permissions changed to 666 by default (formerly 777)

 

Fixed: two spelling mistakes: DIR_FS_UPLOAD in includes/configure.php.default and fro to from in line 134 of admin/products_attributes.php

 

Note: since the contribution renames the files without an extension, it is not possible to upload a server-side executable script to the upload directory. At worst, it would just display the text of the script. However, I included the .htaccess for that directory in case someone is using the original name or something like 1-image.gif for a file named image.gif that was the first uploaded. To access those files, just use a regular FTP program (preferably one that uses a secure/SSH connection).

 

Hth,

Matt
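
The fixes discussed in the earlier post and shipped as the v.71 defaults (extension allowlist, no execute bits, a server-chosen stored name, an .htaccess in the upload directory), as an added example that is not the contribution's own code. It goes one step further by also checking the file's content type; the function name, the allowlist map, the 0644 mode and the Apache 2.4 directive are assumptions for illustration.

```php
<?php
// Added example, not the contribution's code. store_customer_upload(), the
// $allowed map and the 0644 mode are assumptions made for illustration.
declare(strict_types=1);

function store_customer_upload(array $file, string $uploadDir, int $insertId): string
{
    // Extension allowlist mapped to the MIME type the content must actually have.
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'gif'  => 'image/gif',
        'png'  => 'image/png',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or was not an HTTP upload.');
    }

    // The client-supplied name is used only to read the claimed extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('Wrong file type.');
    }

    // Check the bytes, not just the name: a script renamed to .gif fails here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('File content does not match its extension.');
    }

    // Server-chosen name with no extension, as the contribution's default does.
    $target = rtrim($uploadDir, '/') . '/' . $insertId;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the upload.');
    }
    chmod($target, 0644); // no execute bits; the thread's own fix uses 666

    // Deny direct web access to the directory (Apache 2.4 syntax, needs AllowOverride).
    $htaccess = rtrim($uploadDir, '/') . '/.htaccess';
    if (!file_exists($htaccess)) {
        file_put_contents($htaccess, "Require all denied\n");
    }
    return $target;
}
```

The original file name is not used on disk here; as in the contribution, it would be kept in the database next to the stored name.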


Hi iiinetworks,

I think you did a great job on this contrib. But do you think that you can make it compatible with MS1 of osc? The whole message_stack thing doesn't run under MS1... but I like to have the messages...

Hope you can help


If I use your new upload with all the messagestack features I get the following error:

Call to a member function on a non-object in on line 71 in upload.php

Why this?


If messageStack is not defined, then it will throw that error when the code tries to call messageStack functions. It's basically saying that there is no such thing as $messageStack.

 

For MS2, I modified application_top.php to create the messageStack earlier (prior to the upload code). This allows it to run properly. I'm not sure what keeps messageStack from running in MS1.

 

Hth,

Matt


I've installed the osdox version of MS2 which includes some nice contribs...

In this version I've tried to install your contrib...

It's an MS2.. but something seems to be wrong...

But if I put redirections to the upload-class instead of the messagestack it runs.. so if an error occurs I will be redirected to a selfmade error page...

It seems that the message stack will not be initialized correctly...
