• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Using SWFUpload + Sessions + upload class, how I did it.

#41
[eluser]dimethroxy[/eluser]
[quote author="~Chris~" date="1240868153"]302 error? It has been a while, but I think that is an error you get if you did not set up the mime types.

Code:
'jpeg'    =>    array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
'jpg'    =>    array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
'jpe'    =>    array('image/jpeg', 'image/pjpeg', 'application/octet-stream'),
[/quote]

This will make the upload class accept data from the flash post. But it introduce a huge security hole: this will accept .php file to be uploaded !

#42
[eluser]dimethroxy[/eluser]
I have tested this a little more and I can confirm that the upload class will accept .php files, even if they are not in the allowed_types. This will happen when the mimes type for the images are modified to accept 'application/octet-stream'.

The upload class should be updated to fix this problem, or at least filter .php file with their extension and not only their mime types.

#43
[eluser]jfurey[/eluser]
[quote author="outrage" date="1242953236"]


The simple way to get flash uploaders working is to set...

Code:
$config['sess_match_useragent']  = FALSE;

in your config file.
[/quote]

Thankyou, thankyou, thankyou.

I'd been pulling my hair out for 48 hours trying to get my custom flash uploader to work.

Cheers outrage! Smile

#44
[eluser]Firestorm Creative Studios[/eluser]
to all those who have had troubles with this, our biggest issue was the auto trailing slash in the URI. we were loading a URI without it and it was returning 301, so it just wouldn't work. we're using implemented several of these methods and settled on pistolPete's, but it still wasn't working. then i realized... we were forgetting the trailing slash.... grr. so, it works via pistolPete's method and settings, just don't forget to add the

TRAILING SLASH [/]

:bug:

#45
[eluser]hotmeteor[/eluser]
Quote:Working for me, can't see any security issues with it but if anyone can see one let me know, peer review away Smile

You are a genius. This works perfectly - thanks!

#46
[eluser]TheGman[/eluser]
[quote author="outrage" date="1242953236"]Hi Guys,

Just repeating this from a similar post I made some time ago.

The simple way to get flash uploaders working is to set...

$config['sess_match_useragent'] = FALSE;

in your config file.

The CI session manager is getting a different user-agent from the flash component (as mentioned above) and deleting the session.

If you're worried about doing this, faking a user-agent string is so easy that this method doesn't offer much in the way of security anyway.

Good luck.[/quote]

Thank you so much!!!! Worked perfectly.

Tested in IE8, Safari 4.0.4 and Firefox 3.6.3

#47
[eluser]Billa[/eluser]
@~Chris~ Do you still happen to read this thread? Thanks for the instructions given in your first post. I am having difficulty in getting data stored in session when using uploadify. I have downloaded native session library, and edited it according to your instructions, but i still am unable to get the data which is stored in session. Can you tell me if how can i fix it? Thanks man.

#48
[eluser]~Chris~[/eluser]
I made a new topic for CI Sessions and Uploadify http://ellislab.com/forums/viewthread/221152/


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.