Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Uploadify 3 Beta plugin
#1
After few long hours I crafted this simple plugin, to evaluate Uploadify 3 Beta suitability to be included in new GetSimple version. Because it has serious security issues DO NOT USE IT ON PRODUCTION WEBSITES! I couldn't find a way to get some site variables in plugin (e.g. $SESSIONHASH, GSDEBUG, etc.), so upload.php script it is not secure and accessible from "outside". I could really use some help in this area. It works on latest version of GetSimple from SVN, but might work on earlier ones as well - I just haven't tested.
As compared with Uploadify v2 it has some advantages: CSS styled upload button, customizable button text, check for existing files on server. It should work better than v2, but there are few serious issues: some settings doesn't work and problems with errors catching from upload.php (it always returns result Complete, even if upload fails). In my opinion, it is not mature enough, yet, to be included in new version of GetSimple. But I want to hear opinions of other developers and users.
Reply
#2
I will give this a test drive (along with the new CKEditor) Monday.... However, no matter how much the new 3.0 Uploadify promises, I agree that we just can't use it if it's buggy or is incomplete.

If anything, this will give us a great headstart to implementing the new Uploadify when it comes out of beta.

Thanks for the help
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#3
Fixed a few small things - file size limit and debug mode (only show Uploadify debug screen when GS is in debug mode). Minor CSS style fixes. If we'll manage to solve problem with catching errors from upload script - it could replace old Uploadify script.
Other option might be Plupload (www.plupload.com) - but it could be a lot harder to adapt.
Reply
#4
what about support for $SESSIONHASH?
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#5
ccagle8 Wrote:what about support for $SESSIONHASH?
It is supported, example attached. I'm not sure if my implementation is correct, but now plugin will pass and check SESSIONHASH variable. Still, file upload will be shown as "Complete" in Uploadify queue, even if user logs out. Looks like that Uploadify javascript ignores all output from upload script.
EDIT: forgot the file, sorry.
EDIT2: done some more thorough testing - there might be a security hole in this plugin - file is still uploaded even if I log out of website (leaving Files page in another tab to do upload). Any ideas how to fix it?
Reply
#6
And yet another update - this is getting pretty interesting. I've added thumbnail uploading to subdirectories, but to fully work upload.php has to be modified, to display thumbnails from subdirectories. Another little thing I've done is reloading whole #maincontent div, to update filter and file count right after upload. Filter didn't work after reload, so I added a dirty hack to reattach its event handler. This will have to be rewritten, if we are going to integrate this plugin to GetSimple core.
This is actually turning out pretty good, while as standalone plugin this solution still has security flaws, integrated into GetSimple it should work out even better than the old Uploadify.

EDIT: I really got used to uploading files with one click during Uploadify testing, so I forgot to click "Add file" again. Sorry.
Reply




Users browsing this thread: 1 Guest(s)