FriendsOfFlarum upload, the intelligent file attachment extension

clarkwinkelmann thanks for bringing this update!

Looks like a small error in the console in /admin after the extension is enabled

Uncaught TypeError: Cannot read property 'settings' of undefined

Littlegolden It didn't said flagrow/upload has been removed

It looks like fof/upload was already installed when you ran that command (says updating).

You can check whether flagrow/upload is still installed with composer show flagrow/upload. If it says "not found", all is good. If it shows the package version, you can remove it with composer remove flagrow/upload.

IanM Looks like a small error in the console in /admin after the extension is enabled

Can you share the output of php flarum info ? I can't think of what is wrong, the only line that could cause this would be app.data.settings in UploadPage. Maybe it's a conflict with another extension. Did you previously used Flagrow Upload ? (because the logic hasn't changed I think).

When I want to download an uploaded php file I get a error 500. Probably because of security measures. Is there a way to allow php files download? My board is for php code and non public.

mistle can you find the full error message ? Check your Flarum logs or PHP logs. Maybe it's just an incorrect mime type.

You also need to make extra sure PHP code can't run where those files are uploaded. The extension won't take care of that. Amazon S3 and other clouds should be safe out of the box.

{"errors":[{"status":"500","code":"unknown"}]}

[2020-02-10 17:03:25] production.ERROR: FoF\Upload\Exceptions\InvalidDownloadException: Server error: `GET http://flarum.local/assets/files/2020-02-10/1581354201-522173-oxerpgetorderarticle.php` resulted in a `500 Internal Server Error` response in /var/www/html/flarum/vendor/fof/upload/src/Downloader/DefaultDownloader.php:49
Stack trace:
#0 /var/www/html/flarum/vendor/fof/upload/src/Commands/DownloadHandler.php(82): FoF\Upload\Downloader\DefaultDownloader->download(Object(FoF\Upload\File), Object(FoF\Upload\Commands\Download))
#1 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(90): FoF\Upload\Commands\DownloadHandler->handle(Object(FoF\Upload\Commands\Download))
#2 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}(Object(FoF\Upload\Commands\Download))
#3 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(104): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(FoF\Upload\Commands\Download))
#4 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(98): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#5 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(76): Illuminate\Bus\Dispatcher->dispatchNow(Object(FoF\Upload\Commands\Download))
#6 /var/www/html/flarum/vendor/fof/upload/src/Api/Controllers/DownloadController.php(64): Illuminate\Bus\Dispatcher->dispatch(Object(FoF\Upload\Commands\Download))
#7 /var/www/html/flarum/vendor/flarum/core/src/Http/RouteHandlerFactory.php(38): FoF\Upload\Api\Controllers\DownloadController->handle(Object(Zend\Diactoros\ServerRequest))
#8 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/DispatchRoute.php(65): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}(Object(Zend\Diactoros\ServerRequest), Array)
#9 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\DispatchRoute->process(Object(Zend\Diactoros\ServerRequest), Object(Closure))
#10 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/SetLocale.php(50): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#11 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\SetLocale->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#12 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(23): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#13 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\CheckCsrfToken->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#14 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(55): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#15 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithHeader->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#16 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(32): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#17 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#18 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(51): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#19 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\RememberFromCookie->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#20 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#21 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\StartSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#22 /var/www/html/flarum/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#23 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Api\Middleware\FakeHttpMethods->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#24 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#25 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\ParseJsonBody->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#26 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#27 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\HandleErrors->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#28 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#29 /var/www/html/flarum/vendor/middlewares/request-handler/src/RequestHandler.php(84): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#30 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\RequestHandler->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#31 /var/www/html/flarum/vendor/middlewares/base-path-router/src/BasePathRouter.php(97): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#32 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePathRouter->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#33 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Middleware/OriginalMessages.php(41): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#34 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Zend\Stratigility\Middleware\OriginalMessages->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#35 /var/www/html/flarum/vendor/middlewares/base-path/src/BasePath.php(53): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#36 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePath->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#37 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#38 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(72): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\EmptyPipelineHandler))
#39 /var/www/html/flarum/vendor/zendframework/zend-httphandlerrunner/src/RequestHandlerRunner.php(95): Zend\Stratigility\MiddlewarePipe->handle(Object(Zend\Diactoros\ServerRequest))
#40 /var/www/html/flarum/vendor/flarum/core/src/Http/Server.php(44): Zend\HttpHandlerRunner\RequestHandlerRunner->run()
#41 /var/www/html/flarum/public/index.php(22): Flarum\Http\Server->listen()
#42 {main}  

mistle it seems like your server attempts to run the uploaded PHP files, and it's those files that are throwing an error.

When a file is downloaded in Upload, an internal GET request is made from the download endpoint to the actual resource, which is then proxied to the user for download.

Your log file indicates that while trying to perform that internal GET request, the target file returned a 500 error (which is itself probably logged into the server php or apache logs), indicating that the PHP code in it was most likely executed by your server.

You'll need to disable PHP execution in the assets directory, or use a cloud storage.

Where can we see the Download records.

Littlegolden Where can we see the Download records.

They are only recorded but not shown at this time. You can see the raw data in the fof_upload_downloads table in the database.

Nimren As was noted in the post above yours the only way to see this data is by running an SQL query on the fof_uploads_downloads table in your database. There is currently no UI for this.

hamedkouhfallah try to disable hotlinking protection (or something like that) in the extension settings

matteocontrini
thank you, I disabled hot link protection but stiil got:

{"errors":[{"status":"404","code":"not_found"}]}

hamedkouhfallah it looks like you are still using the Flagrow version. Are you able to update to the new FriendsOfFlarum version ? See instructions in the first post under "update from flagrow".

If you already are under the FriendsOfFlarum, try clearing your cache so that the new download endpoint gets used.

clarkwinkelmann
I updated the extension, Now it is working. Thanks

@clarkwinkelmann

New version is working well so far. The uploading indicactor is definitely a welcomed feature Thanks!

I'm posting here as a heads-up: There's an issue with the CDN prefixing. I commented on this PR here:
FriendsOfFlarum/upload184

I'm pretty sure that the PR will fix the CDN issue but it's being held up by a code-style issue. (One that doesn't seem to make sense considering the way the array helper (Arr::get) works. More info on the PR comments.)

An extra reason why this is important is because Amazon's SSL certificate for *.s3.amazonaws.com is not working. Which means that the way that the Upload extension constructs the URL, results in images not loading. (Browser blocks them because they're not secure. This is if you're hosting your forum on HTTPS)

One workaround to this issue is to use the CDN prefix setting, because then the URLs can be written to use this syntax:
https://s3.amazonaws.com/bucket-name/path-to-file

Instead of:
https://bucket-name.s3.amazonaws.com/path-to-file

I'm hoping that PR can be merged because it fixes both issues at once. Thanks for reading!