You are not logged in.
I saw the security alert about EFM and just downloaded the nightly build thinking that would contain all the fixed files. However, when I upload it, it seems to work fine but the upload button is gone.
If this was overkill for the security issue, I didn't see anyway to get the patched files on the ticket.
Otherwise, tell me how to get the upload back for the new .96ish build.
Offline
Upload was disabled in the EFM and ImageManager configs by default to ensure that people correctly configure the plugin, otherwise everybody could upload stuff by default in any Xinha which was online (and had typical permissions), which is a bad thing.
Set the allow_upload config option for the plugin to true.
// CONFIGURATION README:
//
// It's useful to pass the configuration to the backend through javascript
// (this saves editing the backend config itself), this needs to be done
// in a trusted/secure manner... here is how to do it..
//
// 1. You need to be able to put PHP in your xinha_config setup
// 2. In step 3 write something like
// --------------------------------------------------------------
// with (xinha_config.ImageManager)
// {
// <?php
// require_once('/path/to/xinha/contrib/php-xinha.php');
// xinha_pass_to_php_backend
// (
// array
// (
// 'images_dir' => '/home/your/directory',
// 'images_url' => '/directory',
// 'allow_upload' => true
// )
// )
// ?>
// }
// --------------------------------------------------------------
//
// this will work provided you are using normal file-based PHP sessions
// (most likely), if not, you may need to modify the php-xinha.php
// file to suit your setup.James Sleeman
Offline
Thanks for your help. A good idea.
BTW, for security, if I specify the allowed extensions is that a good start to locking it down?
Offline