• Extensions

  • FriendsOfFlarum upload, the intelligent file attachment extension

I found a real issue with with the S3 driver. (The issue is actually with Amazon's certificate.)

The URLs used in the latest version are like this:
https://<bucket-name>.s3.eu-central-1.amazonaws.com/<path-to-file>

They used to be:
https://s3.eu-central-1.amazonaws.com/<bucket-name>/<path-to-file>

Obviously the first one looks better than the second but... but but but...

Amazon's certificate is broken for *.s3.eu-central-1.amazonaws.com which means if your forum is using HTTPS, then those images from Amazon won't load.

My proposal is to switch back to the previous URL structure. That still works.

Hi all! How can I make a FULL preview for photos, and download menu for files with a download button?
Files:

Photo:

    Alt

    These settings work for full preview images and download-link for pdf. just adapt the second regex if you want to allow more filetypes.

    Img: Last dropdown option selected
    Pdf: First dropdown option selected

    • Alt replied to this.

        Hi,
        I have installed UPLOAD but just I as an administrator can see that on my editor, The forum users can not see this module.
        thanks

          5 days later

          mrothauer Thanks! we implemented this and indeed this was our problem! if we knew it was this simple we probably could have fixed it ourself! thanks!!!!

            Hi! An excellent extension!
            But I might need some help here.
            In order to enable uploading ".docx", I configured the mime type as application\/vnd.openxmlformats-officedocument.*. But when I uploaded a docx file on the forum, it became a zip file. Though after I changed the suffix ".zip" to ".docx" it worked. I'm confused. Is there something that I could do to fix this?

            I tried to do something similar to @mrothauer but it still doesn't accept xml

            image\/.*
            application\/pdf
            application\/xml

              Hi, thank you for your extension. I didn’t understand how to enable the upload of documents such as : .doc, .odp, .ppt, etc. Could you help me ?
              I tried this :
              (video\/(3gpp|mp4|mpeg|quicktime|webm))|(audio\/(aiff|midi|mpeg|mp4))|(image\/(gif|jpeg|png))|(application\/(x-(7z|rar)-compressed|zip|arj|x-(bzip2|gzip|lha|stuffit|tar)|pdf))|(document\/(doc|docx|odt|ppt|pptx|odp|xls|xlsx|ods)).

              clarkwinkelmann changed the title to FriendsOfFlarum upload, the intelligent file attachment extension .

              Update time!

              The migration over from Flagrow to FriendsOfFlarum is now complete. This update also brings fixes to multiple small bugs that were discovered over the last year.

              Things that may break

              • If you used the OVH driver, it's no longer supported.
              • If you use a language other than English, you might want to wait until your language pack translates the extension.
              • If you have been using the extension for a long time, all links to files uploaded in versions prior to 0.6.0 (before November 2017) will disappear and you will see just $file-<id> or $image-<id> in your posts. You can edit the posts and save them and that old tag will be automatically replaced with the new bbcode. If you need a tool to perform a mass update, please let us know. We'll only implement it if it's actually needed.

              If you didn't have Flagrow Upload installed previously

              Just install like any other extension:

              composer require fof/upload

              If you previously had Flagrow Upload installed, even if it was disabled

              To upgrade from the old extension to the new one:

              • Backup your data! You should backup the database and the uploaded files.

              • Make sure the latest version of Flagrow upload is installed and migrations have run:

              composer require flagrow/upload
composer show flagrow/upload # You should see "versions: * 0.7.1" on the 4th line of output
php flarum migrate

              • Disable the Upload extension in the admin panel.

              • Run:

              composer require fof/upload

              Composer should let you know that flagrow/upload has been automatically removed.

              • Enable the new extension in the admin panel.

              • Your existing configuration and uploads meta will be migrated to FoF Upload automatically.

              • The same file locations on the disk are used by FoF Upload, it means the files don't need to be moved.

              Changelog

              Here's the complete changelog for this release:

              • Moved to FriendsOfFlarum namespace
                • Packagist package is now fof/upload
                • Extension developers: the PHP namespace for events is now FoF\Upload instead of Flagrow\Upload
                • Language pack maitainers: Translations namespace is now fof-upload instead of flagrow-upload. Also there have been a few changes to the strings
              • Removed non-English translations
                • Language pack maintainers can copy the old translations from the previous commit (don't forget to update the namespace and add the new strings)
              • Removed OVH driver because the third-party library we used has been abandonned and deleted by the author
              • Removed the old pre-0.6 deprecated file templates from Flagrow Upload. If you see $file-<stuff> or $image-<stuff> in your old posts, you can edit the post (change at least one character) and save it to automatically migrate the old tags to the new file bbcode
              • Fix the bbcode not being automatically parsed when the extension was just installed (the formatter cache is now cleared when the extension is enabled/disabled)
              • Fixed bugs related to copy-pasting and drag-and-drop not working the second time the composer is opened
              • Added "uploading" indicator in the upload button
              • Made the whole of the download button / image preview clickable (previously only the icon would trigger the file download)
              • Removed a bunch of unused code, and moved listeners to the new Flarum extenders

              Let us know if you have any question!

                Beautiful. The uploading indicator, although a tiny detail, is something I know many people have hoped for. 🙏

                clarkwinkelmann thanks for bringing this update!

                Looks like a small error in the console in /admin after the extension is enabled

                Uncaught TypeError: Cannot read property 'settings' of undefined

                    Littlegolden It didn't said flagrow/upload has been removed

                    It looks like fof/upload was already installed when you ran that command (says updating).

                    You can check whether flagrow/upload is still installed with composer show flagrow/upload. If it says "not found", all is good. If it shows the package version, you can remove it with composer remove flagrow/upload.

                    IanM Looks like a small error in the console in /admin after the extension is enabled

                    Can you share the output of php flarum info ? I can't think of what is wrong, the only line that could cause this would be app.data.settings in UploadPage. Maybe it's a conflict with another extension. Did you previously used Flagrow Upload ? (because the logic hasn't changed I think).

                        When I want to download an uploaded php file I get a error 500. Probably because of security measures. Is there a way to allow php files download? My board is for php code and non public.

                          mistle can you find the full error message ? Check your Flarum logs or PHP logs. Maybe it's just an incorrect mime type.

                          You also need to make extra sure PHP code can't run where those files are uploaded. The extension won't take care of that. Amazon S3 and other clouds should be safe out of the box.

                            {"errors":[{"status":"500","code":"unknown"}]}

                            [2020-02-10 17:03:25] production.ERROR: FoF\Upload\Exceptions\InvalidDownloadException: Server error: `GET http://flarum.local/assets/files/2020-02-10/1581354201-522173-oxerpgetorderarticle.php` resulted in a `500 Internal Server Error` response in /var/www/html/flarum/vendor/fof/upload/src/Downloader/DefaultDownloader.php:49
Stack trace:
#0 /var/www/html/flarum/vendor/fof/upload/src/Commands/DownloadHandler.php(82): FoF\Upload\Downloader\DefaultDownloader->download(Object(FoF\Upload\File), Object(FoF\Upload\Commands\Download))
#1 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(90): FoF\Upload\Commands\DownloadHandler->handle(Object(FoF\Upload\Commands\Download))
#2 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}(Object(FoF\Upload\Commands\Download))
#3 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(104): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(FoF\Upload\Commands\Download))
#4 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(98): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#5 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(76): Illuminate\Bus\Dispatcher->dispatchNow(Object(FoF\Upload\Commands\Download))
#6 /var/www/html/flarum/vendor/fof/upload/src/Api/Controllers/DownloadController.php(64): Illuminate\Bus\Dispatcher->dispatch(Object(FoF\Upload\Commands\Download))
#7 /var/www/html/flarum/vendor/flarum/core/src/Http/RouteHandlerFactory.php(38): FoF\Upload\Api\Controllers\DownloadController->handle(Object(Zend\Diactoros\ServerRequest))
#8 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/DispatchRoute.php(65): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}(Object(Zend\Diactoros\ServerRequest), Array)
#9 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\DispatchRoute->process(Object(Zend\Diactoros\ServerRequest), Object(Closure))
#10 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/SetLocale.php(50): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#11 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\SetLocale->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#12 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(23): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#13 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\CheckCsrfToken->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#14 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(55): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#15 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithHeader->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#16 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(32): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#17 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#18 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(51): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#19 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\RememberFromCookie->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#20 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#21 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\StartSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#22 /var/www/html/flarum/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#23 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Api\Middleware\FakeHttpMethods->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#24 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#25 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\ParseJsonBody->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#26 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#27 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\HandleErrors->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#28 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#29 /var/www/html/flarum/vendor/middlewares/request-handler/src/RequestHandler.php(84): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#30 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\RequestHandler->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#31 /var/www/html/flarum/vendor/middlewares/base-path-router/src/BasePathRouter.php(97): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#32 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePathRouter->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#33 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Middleware/OriginalMessages.php(41): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#34 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Zend\Stratigility\Middleware\OriginalMessages->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#35 /var/www/html/flarum/vendor/middlewares/base-path/src/BasePath.php(53): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#36 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePath->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next))
#37 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest))
#38 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(72): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\EmptyPipelineHandler))
#39 /var/www/html/flarum/vendor/zendframework/zend-httphandlerrunner/src/RequestHandlerRunner.php(95): Zend\Stratigility\MiddlewarePipe->handle(Object(Zend\Diactoros\ServerRequest))
#40 /var/www/html/flarum/vendor/flarum/core/src/Http/Server.php(44): Zend\HttpHandlerRunner\RequestHandlerRunner->run()
#41 /var/www/html/flarum/public/index.php(22): Flarum\Http\Server->listen()
#42 {main}

                              mistle it seems like your server attempts to run the uploaded PHP files, and it's those files that are throwing an error.

                              When a file is downloaded in Upload, an internal GET request is made from the download endpoint to the actual resource, which is then proxied to the user for download.

                              Your log file indicates that while trying to perform that internal GET request, the target file returned a 500 error (which is itself probably logged into the server php or apache logs), indicating that the PHP code in it was most likely executed by your server.

                              You'll need to disable PHP execution in the assets directory, or use a cloud storage.

                                  clarkwinkelmann Thank you for your help. I will try to change the permissions for uploaded files.

                                  EDIT: Removing the execution permission does not solve the problem.
                                  EDIT2: .htaccess in public/assets/files with "php_flag engine off" solves the issue.

                                    Littlegolden Where can we see the Download records.

                                    They are only recorded but not shown at this time. You can see the raw data in the fof_upload_downloads table in the database.

                                      Nimren As was noted in the post above yours the only way to see this data is by running an SQL query on the fof_uploads_downloads table in your database. There is currently no UI for this.

                                        4 days later

                                        HI,
                                        with this expression now my users can upload zip files:
                                        (video\/(3gpp|mp4|mpeg|quicktime|webm))|(audio\/(aiff|midi|mpeg|mp4))|(image\/(gif|jpeg|png))|(application\/(x-(7z|rar|zip)-compressed|zip|arj|x-(bzip2|gzip|lha|stuffit|tar)|pdf))

                                        but after upload a zip file and then try to down load I got this error:

                                        {"errors":[{"status":"404","code":"not_found"}]}

                                        this is the url:

                                        https://forum.voipiran.io/api/flagrow/download/649b92dd-5065-4321-87ee-9405910fa9c7/1982/GAFoxvAOX9APrNLFe56xrXFU5mcqYJLDkUPKaesy

                                          hamedkouhfallah it looks like you are still using the Flagrow version. Are you able to update to the new FriendsOfFlarum version ? See instructions in the first post under "update from flagrow".

                                          If you already are under the FriendsOfFlarum, try clearing your cache so that the new download endpoint gets used.

                                              • [deleted]

                                              • Post #848
                                              • Edited

                                              Recently I started using this useful extension, but even hotlinking is disabled I can access uploaded images using direct link/full file path. What can I do to prevent this?

                                                @clarkwinkelmann

                                                New version is working well so far. The uploading indicactor is definitely a welcomed feature 🙂 Thanks!

                                                I'm posting here as a heads-up: There's an issue with the CDN prefixing. I commented on this PR here:
                                                FriendsOfFlarum/upload184

                                                I'm pretty sure that the PR will fix the CDN issue but it's being held up by a code-style issue. (One that doesn't seem to make sense considering the way the array helper (Arr::get) works. More info on the PR comments.)

                                                An extra reason why this is important is because Amazon's SSL certificate for *.s3.amazonaws.com is not working. Which means that the way that the Upload extension constructs the URL, results in images not loading. (Browser blocks them because they're not secure. This is if you're hosting your forum on HTTPS)

                                                One workaround to this issue is to use the CDN prefix setting, because then the URLs can be written to use this syntax:
                                                https://s3.amazonaws.com/bucket-name/path-to-file

                                                Instead of:
                                                https://bucket-name.s3.amazonaws.com/path-to-file

                                                I'm hoping that PR can be merged because it fixes both issues at once. Thanks for reading!

                                                How do I set upload of files like ".cfg .txt .ini .games .inc .sp .smx .so .dll"?

                                                (video\/(3gpp|mp4|mpeg|quicktime|webm))|(audio\/(aiff|midi|mpeg|mp4))|(image\/(gif|jpeg|png))|(application\/(x-(7z|rar|zip)-compressed|zip|arj|x-(bzip2|gzip|lha|stuffit|tar)|pdf))

                                                [deleted] I can access uploaded images using direct link/full file path

                                                If you use a template other than "with preview", the full path will not be revealed to the user.

                                                If you want to protect the files in assets from hotlinking, you'll need some additional config in your webserver. This extension doesn't take care of it. Only the "download" API endpoint is protected from hotlinking.

                                                  4 days later

                                                  Just installed this extension and it actually uploads the file but it does not display properly.

                                                  It inserts [upl-image-preview url=path/to.png] but it is not interpreted. It just shows up as text, just like in this post.

                                                    ScottBeeson clear the cache from the admin panel or by running php flarum cache:clear.

                                                    Though the new version is now supposed to clear the cache correctly by itself when the extension is enabled.