• Extensions

  • FriendsOfFlarum upload, the intelligent file attachment extension

Okay it seem to work but there still a way to invert by blacklist instead of whitelist? Whitelist is enabled by default.

This extension is crucial to the success of every Flarum installation. However, I would like to suggest an improvement. I think you should consider adding search functionality to the composer's Media Manager (See the below screenshot for example.). Presently, it's hard to locate an existing image, especially if we want to embed it in another post. Also, the media manager presently shows a limited number of images. The search functionality will help locate the hidden images too. Thanks for the consideration.

    rhaghani you can configure this in your admin dashboard when selecting the extension. You will find all options regarding this extension there.

      This extension is nice, But can you add an option to upload files to external FTP server?
      Next problem is i just configured extension but it just upload images, i can't upload any other formats. What is the solution?

        masihdindar This extension is nice, But can you add an option to upload files to external FTP server?

        That's currently no possible, but you can use aws to upload files externally.

        masihdindar Next problem is i just configured extension but it just upload images, i can't upload any other formats. What is the solution?

        This is depended on your configuration. You can influence what can be uploaded when setting up the mimetype configuration. See the initial post for examples.

            12 days later

            i can not upload pdf file via fof upload extension also i add mime code ..but it doesn't work

            Please share the mine configuration.

            Merged 2 posts from pdf upload .
            7 days later

            Are the fof_upload_files.post_id and fof_upload_files.discussion_id fields used? I'm doing some test uploads and they appear to be null always. I don't see them being referenced in the code, either.

              jedafe No comments nor additional discussion based on what I suggested here. Does it mean no one sees it as a necessity or am I the only one that recognizes its’ importance 🤔?

                  jedafe yeah makes sense to have that feature. But it also means someone needs to build it and currently I cannot commit to that; I expect other people to be busy with their own priorities as well. Sorry to disappoint. You're free to contribute the change or commission it.

                    Hi there, I didn't see this has been brought up after a quick search so I'd ask here whether there is any protective measures/settings for uploaded files.

                    The thing is that my Flarum has been disabled for guests but I can still access uploaded files once I have the URLs (w/o Login), although I have set permissions for FoF Upload as below

                    • Download files ---- Members
                    • View User Uploads ---- Members

                    Also it would be nice to have some re-directive URLs for uploaded files like
                    https://myflarum.com/****/some-random-string
                    but it actually redirects to https://myflarum.com/assets/files/2022-08-09/real-filename

                    Thanks.

                      Merged 1 post from FoF Upload - Security / Attachment Protection.

                      willc that's the intended behavior for protected uploads.

                      You need to use the download template to protect the real URL of the file. The special URL in the download template will check permission before redirecting to the real file URL.

                      The other templates use the real URL to the file so cannot be protected.

                          Is it possible to configure the storage location of the uploaded files outside of flarum_root/public? e.g. under flarum_root/storage

                          7 days later

                          Maybe I should create this as a separate proposal (and I may have already proposed it in another form) but I think the following functionality would be great:

                          Complete admin/moderator audit log for every upload. I imagine this as a separate webpage visible to admins/mods where you see a list of every upload that has been made with information about the user who uploaded it, MIME type, a thumbnail for images, size, a link to the raw file, optionally a list of posts where this file has been used.

                          I'm always being afraid of the following scenario: someone registers on my forum, he doesn't post anything but just starts uploading nasty pictures, then deletes the media entities on his profile and just uses the raw URL-s to pass to other people. Basically he uses my forum for storing illegal pictures and files. I can even be prosecuted for this. And furthermore, there's no easy way to track who did it. This is so dangerous, I've considered uninstalling FoF Upload altogether, at the price of causing discomfort to my regular users. Call me a control freak but I have constant bad thoughts when I think how easy it is for someone to exploit the functionality and to get me into serious troubles, including legal ones... And how easy it is for him to cover up with a complete inability for me to track down who did it 😢