miniBB Support Forums | 16 years on The Web
miniBB ® 


 | Begin | Register | Reply | Search | Statistics | File Bank | Manual |
Tidings miniBB Support Forums / Tidings /   

File Upload add-on update to the ver. 2.1.1

Author Paul
Lead Developer
#1 | Posted: 24 Mar 2011 13:31 | Edited by: Paul 
File Upload and Attachments add-on was recently upgraded to have improvements regarding showing up images in various browsers, and security update regarding disallowed file extensions. Updates regarding pictures showing were sponsored by the TG Comics website team, their forum gives a clear view of what miniBB could provide for the community of pictures-interest.

There was discovered a strange problem with viewing full-size images on some browsers like Google Chrome or even Internet Explorer, where they not appeared to be visible, at the time Mozilla and Opera were showing images properly. This appeared to be related to the mode of our add-on, which is set in $origFileExt option of the add-on's options file. If it's set to FALSE, the add-on saves pictures with .mbb extension and then passes them through verifying user credentials (so pictures are possible to read only by logged-in members). However, obviously IE or Chrome do not like that the PHP script, i.e. the file with .php extension, sends a picture header and tries to give it as a picture at the time it's not picture's extension.

The solution around, for now, it is only set $origFileExt=TRUE; so then allowing images to be read directly by a browser, and that works everywhere. Like it's set by default for this add-on now.

If you would like to rename older *.mbb files to the proper original extension, we also have programmed a special script for that, which is available for free by request.

This method has a con regarding direct external access to the picture, i.e. "hotlinking". If all the files you would like to protect, have *.mbb extension, in Apache it's easy to put a .htaccess rule to "deny from all" trying to get such files directly.

But for original extensions it's not that easy, I would say it's impossible. You may search in Google for hotlinking protection and find a lot of examples of how to protect loading pictures from no other domains that the original one, but this is only to loading up full-size pictures directly, not like miniBB's add-on displays them (in a scaled pop-up).

I think, it's still the best solution to give users to share pictures over the web from your website :) It's so rare practice nowadays, but it may give astonishing results.

Other updates of this add-on include pup-up and image scaling improvements for all major browsers (now we've tested it on Chrome, Mozilla, IE, Opera and Safari, it works for such devices as ipad as well); and the security update provides a new option called $disallowed_extensions.

Files to update are:

addon_fileupload_options.php - if you don't have it, put the $disallowed_extensions array there copying it from the original file;

bb_plugins2.php.code - re-paste the code for bb_plugins.php file from there;

addon_fileupload.php - just overwrite this file.

Feel free to give any new bug reports in our threads :-)

Tidings miniBB Support Forums / Tidings /
 File Upload add-on update to the ver. 2.1.1
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message

Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.

Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.


miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Try the Captcha add-on: protect your miniBB-forums from the automated spam and flood.