clarkwinkelmann mistle can you find the full error message ? Check your Flarum logs or PHP logs. Maybe it's just an incorrect mime type. You also need to make extra sure PHP code can't run where those files are uploaded. The extension won't take care of that. Amazon S3 and other clouds should be safe out of the box.
mistle {"errors":[{"status":"500","code":"unknown"}]} [2020-02-10 17:03:25] production.ERROR: FoF\Upload\Exceptions\InvalidDownloadException: Server error: `GET http://flarum.local/assets/files/2020-02-10/1581354201-522173-oxerpgetorderarticle.php` resulted in a `500 Internal Server Error` response in /var/www/html/flarum/vendor/fof/upload/src/Downloader/DefaultDownloader.php:49 Stack trace: #0 /var/www/html/flarum/vendor/fof/upload/src/Commands/DownloadHandler.php(82): FoF\Upload\Downloader\DefaultDownloader->download(Object(FoF\Upload\File), Object(FoF\Upload\Commands\Download)) #1 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(90): FoF\Upload\Commands\DownloadHandler->handle(Object(FoF\Upload\Commands\Download)) #2 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}(Object(FoF\Upload\Commands\Download)) #3 /var/www/html/flarum/vendor/illuminate/pipeline/Pipeline.php(104): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(FoF\Upload\Commands\Download)) #4 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(98): Illuminate\Pipeline\Pipeline->then(Object(Closure)) #5 /var/www/html/flarum/vendor/illuminate/bus/Dispatcher.php(76): Illuminate\Bus\Dispatcher->dispatchNow(Object(FoF\Upload\Commands\Download)) #6 /var/www/html/flarum/vendor/fof/upload/src/Api/Controllers/DownloadController.php(64): Illuminate\Bus\Dispatcher->dispatch(Object(FoF\Upload\Commands\Download)) #7 /var/www/html/flarum/vendor/flarum/core/src/Http/RouteHandlerFactory.php(38): FoF\Upload\Api\Controllers\DownloadController->handle(Object(Zend\Diactoros\ServerRequest)) #8 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/DispatchRoute.php(65): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}(Object(Zend\Diactoros\ServerRequest), Array) #9 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\DispatchRoute->process(Object(Zend\Diactoros\ServerRequest), Object(Closure)) #10 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/SetLocale.php(50): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #11 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\SetLocale->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #12 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(23): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #13 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\CheckCsrfToken->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #14 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(55): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #15 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithHeader->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #16 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(32): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #17 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\AuthenticateWithSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #18 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(51): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #19 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\RememberFromCookie->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #20 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #21 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\StartSession->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #22 /var/www/html/flarum/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #23 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Api\Middleware\FakeHttpMethods->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #24 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #25 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\ParseJsonBody->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #26 /var/www/html/flarum/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #27 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Flarum\Http\Middleware\HandleErrors->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #28 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #29 /var/www/html/flarum/vendor/middlewares/request-handler/src/RequestHandler.php(84): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #30 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\RequestHandler->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #31 /var/www/html/flarum/vendor/middlewares/base-path-router/src/BasePathRouter.php(97): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #32 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePathRouter->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #33 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Middleware/OriginalMessages.php(41): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #34 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Zend\Stratigility\Middleware\OriginalMessages->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #35 /var/www/html/flarum/vendor/middlewares/base-path/src/BasePath.php(53): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #36 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/Next.php(60): Middlewares\BasePath->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\Next)) #37 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(83): Zend\Stratigility\Next->handle(Object(Zend\Diactoros\ServerRequest)) #38 /var/www/html/flarum/vendor/zendframework/zend-stratigility/src/MiddlewarePipe.php(72): Zend\Stratigility\MiddlewarePipe->process(Object(Zend\Diactoros\ServerRequest), Object(Zend\Stratigility\EmptyPipelineHandler)) #39 /var/www/html/flarum/vendor/zendframework/zend-httphandlerrunner/src/RequestHandlerRunner.php(95): Zend\Stratigility\MiddlewarePipe->handle(Object(Zend\Diactoros\ServerRequest)) #40 /var/www/html/flarum/vendor/flarum/core/src/Http/Server.php(44): Zend\HttpHandlerRunner\RequestHandlerRunner->run() #41 /var/www/html/flarum/public/index.php(22): Flarum\Http\Server->listen() #42 {main}
clarkwinkelmann mistle it seems like your server attempts to run the uploaded PHP files, and it's those files that are throwing an error. When a file is downloaded in Upload, an internal GET request is made from the download endpoint to the actual resource, which is then proxied to the user for download. Your log file indicates that while trying to perform that internal GET request, the target file returned a 500 error (which is itself probably logged into the server php or apache logs), indicating that the PHP code in it was most likely executed by your server. You'll need to disable PHP execution in the assets directory, or use a cloud storage.
mistle clarkwinkelmann Thank you for your help. I will try to change the permissions for uploaded files. EDIT: Removing the execution permission does not solve the problem. EDIT2: .htaccess in public/assets/files with "php_flag engine off" solves the issue.
clarkwinkelmann Littlegolden Where can we see the Download records. They are only recorded but not shown at this time. You can see the raw data in the fof_upload_downloads table in the database.
tankerkiller125 Nimren As was noted in the post above yours the only way to see this data is by running an SQL query on the fof_uploads_downloads table in your database. There is currently no UI for this.
hamedkouhfallah HI, with this expression now my users can upload zip files: (video\/(3gpp|mp4|mpeg|quicktime|webm))|(audio\/(aiff|midi|mpeg|mp4))|(image\/(gif|jpeg|png))|(application\/(x-(7z|rar|zip)-compressed|zip|arj|x-(bzip2|gzip|lha|stuffit|tar)|pdf)) but after upload a zip file and then try to down load I got this error: {"errors":[{"status":"404","code":"not_found"}]} this is the url: https://forum.voipiran.io/api/flagrow/download/649b92dd-5065-4321-87ee-9405910fa9c7/1982/GAFoxvAOX9APrNLFe56xrXFU5mcqYJLDkUPKaesy
matteocontrini hamedkouhfallah try to disable hotlinking protection (or something like that) in the extension settings
clarkwinkelmann hamedkouhfallah it looks like you are still using the Flagrow version. Are you able to update to the new FriendsOfFlarum version ? See instructions in the first post under "update from flagrow". If you already are under the FriendsOfFlarum, try clearing your cache so that the new download endpoint gets used.
hamedkouhfallah matteocontrini thank you, I disabled hot link protection but stiil got: {"errors":[{"status":"404","code":"not_found"}]}
[deleted] Recently I started using this useful extension, but even hotlinking is disabled I can access uploaded images using direct link/full file path. What can I do to prevent this?
clarkwinkelmann [deleted] I can access uploaded images using direct link/full file path If you use a template other than "with preview", the full path will not be revealed to the user. If you want to protect the files in assets from hotlinking, you'll need some additional config in your webserver. This extension doesn't take care of it. Only the "download" API endpoint is protected from hotlinking.
NorioDS @clarkwinkelmann New version is working well so far. The uploading indicactor is definitely a welcomed feature 🙂 Thanks! I'm posting here as a heads-up: There's an issue with the CDN prefixing. I commented on this PR here: FriendsOfFlarum/upload184 I'm pretty sure that the PR will fix the CDN issue but it's being held up by a code-style issue. (One that doesn't seem to make sense considering the way the array helper (Arr::get) works. More info on the PR comments.) An extra reason why this is important is because Amazon's SSL certificate for *.s3.amazonaws.com is not working. Which means that the way that the Upload extension constructs the URL, results in images not loading. (Browser blocks them because they're not secure. This is if you're hosting your forum on HTTPS) One workaround to this issue is to use the CDN prefix setting, because then the URLs can be written to use this syntax: https://s3.amazonaws.com/bucket-name/path-to-file Instead of: https://bucket-name.s3.amazonaws.com/path-to-file I'm hoping that PR can be merged because it fixes both issues at once. Thanks for reading!
DursunCan How do I set upload of files like ".cfg .txt .ini .games .inc .sp .smx .so .dll"? (video\/(3gpp|mp4|mpeg|quicktime|webm))|(audio\/(aiff|midi|mpeg|mp4))|(image\/(gif|jpeg|png))|(application\/(x-(7z|rar|zip)-compressed|zip|arj|x-(bzip2|gzip|lha|stuffit|tar)|pdf))
DursunCan https://www.freeformatter.com/mime-types-list.html I tried to do this by looking at this site, but I could not do it.
ScottBeeson Just installed this extension and it actually uploads the file but it does not display properly. It inserts [upl-image-preview url=path/to.png] but it is not interpreted. It just shows up as text, just like in this post.
clarkwinkelmann ScottBeeson clear the cache from the admin panel or by running php flarum cache:clear. Though the new version is now supposed to clear the cache correctly by itself when the extension is enabled.