• Extensions

  • FriendsOfFlarum upload, the intelligent file attachment extension

luceos thanks for the reply. I tested it on a copy of my forum and since it was a dev version, I didn't dig too much into it. It will certainly be a pretty good functionality once it's stable and I appreciate it a lot, thanks 👍🏻

My concern is slightly different here. I need to have visibility on who uploads what and if I detect that somebody uses it for e.g. p*rn, and illegal stuff, I need to know who that is and ban him, etc. What you implemented is useful for cleaning up, it would delete the lingering files, true. However at that point it's already lost who uploaded that file. Furthermore, executing the command will completely remove the file, and if I haven't reviewed it, I would have missed that something illegal happened on the forum. I don't want that, I need to audit uploads and take measures.

If more people like my idea and are willing to sponsor it, it would be great if you can implement an interactive upload audit webpage that admin/mods can visit and have a look at all the uploaded files as a list, with proper previews of images, tracking who uploaded that image and punish him if needed, delete it (which would remove it both from the storage, and from the affected posts). I understand it's a complicated functionality, so if we are more people interested in that, please guys, let's sponsor @luceos to implement it 🍻

P.S. I know the commands you implemented will actually list the files when scanning but it's too difficult to follow, I will have to manually copy/paste URL-s to view them one by one... Still not clear who was the author, etc.

P.P.S. If I have to extend further, I think uploads on a forum should be completely public and visible to anybody. That's how it's implemented on some forums I've seen. People can upload files and pictures, but anybody can open the list of all the uploaded files/pictures in a forum and see who's the uploader, so that the functionality is not abused for illegal purposes like e.g. exchanging illegal content in private messages. Currently the uploaded files can even become lingering, so it's just a very convenient upload storage that is both publicly accessible and cannot be tracked to the uploader easily.

      CyberGene I like the idea, but as you said it's a rather complicated thing to write. Mostly in terms of UX I believe. I'd be willing to build this or have someone else build it should there be enough interest.

          luceos I edited my post above multiple times, so, do you have time and are you willing to implement it if we sponsor you? 🙂

              CyberGene an images auditing tool makes a lot of sense. I'd be up to get this tackled, but it depends on the budget how soon.

              In all honesty I've been considering some kind of crowdfunding for all discussions under proposals that meet certain requirements. This would allow bounties for core and extension work, though this can only be enabled once we have everything for it sorted and agreed upon in the team.

              Edit, removed word premium.

                This could very well be the dumbest question asked here, but if a user deletes the contents of their media manager, does that delete the attachment from the forum/post or just the media manager?

                  17 days later

                  Can the extension be made to include the user ID in the file name? This will be a very easy workaround and solution to the problem of not knowing who uploaded an orphaned file. For instance a prefix fluNNN_. It can be optional in the settings.

                    CyberGene v1.3.0 will relate uploads to users and posts, so storing the user id in the file won't be necessary. In addition it would be considered a security implication as we're doing our best - as core - to hide that id.

                        luceos Do you mean that in the 1.3.0 even if the user deletes the entity from his media library, a DB entity will be preserved linking the user to the actual stored file?

                          4 days later

                          我想要切割上传的url用来进行鉴权。但当我使用parse_url("{@url}")的时候,url并不能被切割,我该怎么做,或者我该用什么方法进行鉴权

                          I want to cut the uploaded url for authentication. But when I use parse_url("{@url}"), the url cannot be cut, what should I do or what method should I use to authenticate

                            6 days later

                            Cagdas you need to use fof formatting and then set the upload template to "just url" I don't know the Turkish name for that 🙈

                                Is there ant way to change the upload path to a different folder, outside of the flarum folder?

                                  jacobgrillo no, but you could symlink the folder to another location, and use webserver rewrite rules to block access to the path if needed.

                                    I get "Uploading files of this type is not allowed." when I set up S3 adapter and disable local. Does anyone know how it should be configured?

                                    I am using a Minio instance as S3 endpoint. I have a MIME adapter mapping set to ^image\/.*, S3/Compatible, Default image download template.