Announcement

Do not use the forums to submit bug reports, feature requests or patches, submit a New Ticket instead.

#1 2008-12-31 19:15:04

epearson
New member
Registered: 2007-10-14
Posts: 9

EFM update doesn't include upload?

I saw the security alert about EFM and just downloaded the nightly build thinking that would contain all the fixed files. However, when I upload it, it seems to work fine but the upload button is gone.

If this was overkill for the security issue, I didn't see anyway to get the patched files on the ticket.

Otherwise, tell me how to get the upload back for the new .96ish build.

Offline

#2 2009-01-02 01:49:59

gogo
Xinha Leader
From: New Zealand
Registered: 2005-02-11
Posts: 1,015
Website

Re: EFM update doesn't include upload?

Upload was disabled in the EFM and ImageManager configs by default to ensure that people correctly configure the plugin, otherwise everybody could upload stuff by default in any Xinha which was online (and had typical permissions), which is a bad thing. 

Set the allow_upload config option for the plugin to true.

// CONFIGURATION README:
//
//  It's useful to pass the configuration to the backend through javascript
//  (this saves editing the backend config itself), this needs to be done
//  in a trusted/secure manner... here is how to do it..
//
//  1. You need to be able to put PHP in your xinha_config setup
//  2. In step 3 write something like
//  --------------------------------------------------------------
//  with (xinha_config.ImageManager)
//  { 
//    <?php 
//      require_once('/path/to/xinha/contrib/php-xinha.php');
//      xinha_pass_to_php_backend
//      (       
//        array
//        (
//         'images_dir' => '/home/your/directory',
//         'images_url' => '/directory',
//         'allow_upload' => true
//        )
//      )
//    ?>
//  }
//  --------------------------------------------------------------
//
//  this will work provided you are using normal file-based PHP sessions
//  (most likely), if not, you may need to modify the php-xinha.php
//  file to suit your setup.

James Sleeman

Offline

#3 2009-01-02 14:32:18

epearson
New member
Registered: 2007-10-14
Posts: 9

Re: EFM update doesn't include upload?

Thanks for your help. A good idea.

BTW, for security, if I specify the allowed extensions is that a good start to locking it down?

Offline

Board footer

Powered by FluxBB