Welcome Guest, Not a member yet? Register   Sign In
Using SWFUpload + Sessions + upload class, how I did it.
#41

[eluser]dimethroxy[/eluser]
[quote author="~Chris~" date="1240868153"]302 error? It has been a while, but I think that is an error you get if you did not set up the mime types.

Code:
'jpeg'    =>    array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
'jpg'    =>    array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
'jpe'    =>    array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
[/quote]

This will make the upload class accept data from the flash post. But it introduce a huge security hole: this will accept .php file to be uploaded !
#42

[eluser]dimethroxy[/eluser]
I have tested this a little more and I can confirm that the upload class will accept .php files, even if they are not in the allowed_types. This will happen when the mimes type for the images are modified to accept 'application/octet-stream'.

The upload class should be updated to fix this problem, or at least filter .php file with their extension and not only their mime types.
#43

[eluser]jfurey[/eluser]
[quote author="outrage" date="1242953236"]


The simple way to get flash uploaders working is to set...

Code:
$config['sess_match_useragent']  = FALSE;

in your config file.
[/quote]

Thankyou, thankyou, thankyou.

I'd been pulling my hair out for 48 hours trying to get my custom flash uploader to work.

Cheers outrage! Smile
#44

[eluser]Firestorm Creative Studios[/eluser]
to all those who have had troubles with this, our biggest issue was the auto trailing slash in the URI. we were loading a URI without it and it was returning 301, so it just wouldn't work. we're using implemented several of these methods and settled on pistolPete's, but it still wasn't working. then i realized... we were forgetting the trailing slash.... grr. so, it works via pistolPete's method and settings, just don't forget to add the

TRAILING SLASH [/]

:bug:
#45

[eluser]hotmeteor[/eluser]
Quote:Working for me, can't see any security issues with it but if anyone can see one let me know, peer review away Smile

You are a genius. This works perfectly - thanks!
#46

[eluser]TheGman[/eluser]
[quote author="outrage" date="1242953236"]Hi Guys,

Just repeating this from a similar post I made some time ago.

The simple way to get flash uploaders working is to set...

$config['sess_match_useragent'] = FALSE;

in your config file.

The CI session manager is getting a different user-agent from the flash component (as mentioned above) and deleting the session.

If you're worried about doing this, faking a user-agent string is so easy that this method doesn't offer much in the way of security anyway.

Good luck.[/quote]

Thank you so much!!!! Worked perfectly.

Tested in IE8, Safari 4.0.4 and Firefox 3.6.3
#47

[eluser]Billa[/eluser]
@~Chris~ Do you still happen to read this thread? Thanks for the instructions given in your first post. I am having difficulty in getting data stored in session when using uploadify. I have downloaded native session library, and edited it according to your instructions, but i still am unable to get the data which is stored in session. Can you tell me if how can i fix it? Thanks man.
#48

[eluser]~Chris~[/eluser]
I made a new topic for CI Sessions and Uploadify http://ellislab.com/forums/viewthread/221152/




Theme © iAndrew 2016 - Forum software by © MyBB