mrothauer Thanks! we implemented this and indeed this was our problem! if we knew it was this simple we probably could have fixed it ourself! thanks!!!!

I tried to do something similar to @mrothauer but it still doesn't accept xml

image\/.*
application\/pdf
application\/xml

dragnball try:

(application|text)\/xml for xml as per https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types

Update time!

The migration over from Flagrow to FriendsOfFlarum is now complete. This update also brings fixes to multiple small bugs that were discovered over the last year.

Things that may break

• If you used the OVH driver, it's no longer supported.
• If you use a language other than English, you might want to wait until your language pack translates the extension.
• If you have been using the extension for a long time, all links to files uploaded in versions prior to 0.6.0 (before November 2017) will disappear and you will see just $file-<id> or $image-<id> in your posts. You can edit the posts and save them and that old tag will be automatically replaced with the new bbcode. If you need a tool to perform a mass update, please let us know. We'll only implement it if it's actually needed.

If you didn't have Flagrow Upload installed previously

Just install like any other extension:

composer require fof/upload

If you previously had Flagrow Upload installed, even if it was disabled

To upgrade from the old extension to the new one:

• Backup your data! You should backup the database and the uploaded files.

• Make sure the latest version of Flagrow upload is installed and migrations have run:

composer require flagrow/upload
composer show flagrow/upload # You should see "versions: * 0.7.1" on the 4th line of output
php flarum migrate

• Disable the Upload extension in the admin panel.

• Run:

composer require fof/upload

Composer should let you know that flagrow/upload has been automatically removed.

• Enable the new extension in the admin panel.

• Your existing configuration and uploads meta will be migrated to FoF Upload automatically.

• The same file locations on the disk are used by FoF Upload, it means the files don't need to be moved.

Changelog

Here's the complete changelog for this release:

• Moved to FriendsOfFlarum namespace
  • Packagist package is now fof/upload
  • Extension developers: the PHP namespace for events is now FoF\Upload instead of Flagrow\Upload
  • Language pack maitainers: Translations namespace is now fof-upload instead of flagrow-upload. Also there have been a few changes to the strings
• Removed non-English translations
  • Language pack maintainers can copy the old translations from the previous commit (don't forget to update the namespace and add the new strings)
• Removed OVH driver because the third-party library we used has been abandonned and deleted by the author
• Removed the old pre-0.6 deprecated file templates from Flagrow Upload. If you see $file-<stuff> or $image-<stuff> in your old posts, you can edit the post (change at least one character) and save it to automatically migrate the old tags to the new file bbcode
• Fix the bbcode not being automatically parsed when the extension was just installed (the formatter cache is now cleared when the extension is enabled/disabled)
• Fixed bugs related to copy-pasting and drag-and-drop not working the second time the composer is opened
• Added "uploading" indicator in the upload button
• Made the whole of the download button / image preview clickable (previously only the icon would trigger the file download)
• Removed a bunch of unused code, and moved listeners to the new Flarum extenders

Let us know if you have any question!

Beautiful. The uploading indicator, although a tiny detail, is something I know many people have hoped for.

There is one leftover in translations: https://github.com/FriendsOfFlarum/upload/blob/5de9a8a839c8b4504f21a85058159d7f6957dde7/resources/locale/en.yml#L74

Littlegolden It didn't said flagrow/upload has been removed

It looks like fof/upload was already installed when you ran that command (says updating).

You can check whether flagrow/upload is still installed with composer show flagrow/upload. If it says "not found", all is good. If it shows the package version, you can remove it with composer remove flagrow/upload.

IanM Looks like a small error in the console in /admin after the extension is enabled

Can you share the output of php flarum info ? I can't think of what is wrong, the only line that could cause this would be app.data.settings in UploadPage. Maybe it's a conflict with another extension. Did you previously used Flagrow Upload ? (because the logic hasn't changed I think).

When I want to download an uploaded php file I get a error 500. Probably because of security measures. Is there a way to allow php files download? My board is for php code and non public.

mistle can you find the full error message ? Check your Flarum logs or PHP logs. Maybe it's just an incorrect mime type.

You also need to make extra sure PHP code can't run where those files are uploaded. The extension won't take care of that. Amazon S3 and other clouds should be safe out of the box.

{"errors":[{"status":"500","code":"unknown"}]}

[2020-02-10 17:03:25] production.ERROR: FoF\Upload\Exceptions\InvalidDownloadException: Server error: `GET http://flarum.local/assets/files/2020-02-10/1581354201-522173-oxerpgetorderarticle.php` resulted in a `500 Internal Server Error` response in /var/www/html/flarum/vendor/fof/upload/src/Downloader/DefaultDownloader.php:49
Stack trace:
#0 /var/www/html/flarum/vendor/fof/upload/src/Commands/DownloadHandler.php(82): FoF\Upload\Downloader\DefaultDownloader->download(Object(FoF\Upload\File), Object(FoF\Upload\Commands\Download))
#1 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(90): FoF\Upload\Commands\DownloadHandler->handle(Object(FoF\Upload\Commands\Download))
#2 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}(Object(FoF\Upload\Commands\Download))
#3 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(104): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(FoF\Upload\Commands\Download))
#4 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(98): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#5 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(76): Illuminate\Bus\Dispatcher->dispatchNow(Object(FoF\Upload\Commands\Download))
#6 /var/www/html/flarum/vendor/fof/upload/src/Api/Controllers/DownloadController.php(64): Illuminate\Bus\Dispatcher->dispatch(Object(FoF\Upload\Commands\Download))
#7 /var/www/html/flarum/vendor/flarum/core/src/Http/RouteHandlerFactory.php(38): FoF\Upload\Api\Controllers\DownloadController->handle(Object(Zend\Diactoros\ServerRequest))
#8 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/DispatchRoute.php(65): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}(Object(Zend\Diactoros\ServerRequest), Array)
#9 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\DispatchRoute->process(Object(Zend\Diactoros\ServerRequest), Object(Closure))
#10 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/SetLocale.php(50): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#11 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\SetLocale->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#12 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(23): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#13 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\CheckCsrfToken->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#14 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(55): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#15 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithHeader->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#16 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(32): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#17 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#18 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(51): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#19 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\RememberFromCookie->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#20 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#21 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\StartSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#22 /var/www/html/flarum/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#23 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Api\Middleware\FakeHttpMethods->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#24 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#25 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\ParseJsonBody->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#26 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#27 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\HandleErrors->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#28 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#29 /var/www/html/flarum/vendor/middlewares/request-handler/src/RequestHandler.php(84): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#30 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\RequestHandler->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#31 /var/www/html/flarum/vendor/middlewares/base-path-router/src/BasePathRouter.php(97): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#32 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePathRouter->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#33 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Middleware/OriginalMessages.php(41): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#34 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Zend\Stratigility\Middleware\OriginalMessages->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#35 /var/www/html/flarum/vendor/middlewares/base-path/src/BasePath.php(53): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#36 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePath->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#37 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#38 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(72): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\EmptyPipelineHandler))
#39 /var/www/html/flarum/vendor/zendframework/zend-httphandlerrunner/src/RequestHandlerRunner.php(95): Zend\Stratigility\MiddlewarePipe->handle(Object(Zend\Diactoros\ServerRequest))
#40 /var/www/html/flarum/vendor/flarum/core/src/Http/Server.php(44): Zend\HttpHandlerRunner\RequestHandlerRunner->run()
#41 /var/www/html/flarum/public/index.php(22): Flarum\Http\Server->listen()
#42 {main}  

mistle it seems like your server attempts to run the uploaded PHP files, and it's those files that are throwing an error.

When a file is downloaded in Upload, an internal GET request is made from the download endpoint to the actual resource, which is then proxied to the user for download.

Your log file indicates that while trying to perform that internal GET request, the target file returned a 500 error (which is itself probably logged into the server php or apache logs), indicating that the PHP code in it was most likely executed by your server.

You'll need to disable PHP execution in the assets directory, or use a cloud storage.

Where can we see the Download records.

Littlegolden Where can we see the Download records.

They are only recorded but not shown at this time. You can see the raw data in the fof_upload_downloads table in the database.