
Attachments not working

I think uploads have been semi-broken on my forum for quite some time, as the attachment table is completely empty. However, previously, files did successfully upload and embed into the forum fine.

After updating to 2.8, any time I try to upload a file I get a message "You are not allowed to upload files in this category".


Comments

  • You are on a hosted contract, therefore you can directly ask support@vanillaforums.com

    This forum is for the open source version of Vanilla.

    @Adrian may be able to take over from here. By the way, @Adrian your official forum seems to be down and either it is in maintenance mode again or it has been in maintenance mode for quite a while now.

  • pinchies New
    edited February 2019

    Unfortunately for me, I am not on a hosted contract - but those two sites I linked may be. Any help would be gratefully appreciated.

  • R_J Admin
    edited February 2019

    Sorry, I haven't read everything you wrote and thought you were on beamdog forum...

    Can you be more specific than: "semi broken" and "table empty"? If the table has been wiped, you have a severe problem but I never ever heard of a Vanilla malfunction that wiped a complete table.

    Based on another problem you have referenced in a double post, you had problems with the table structure. Can it be that you have edited the /applications/dashboard/settings/structure.php and changed ->set(false, false); to ->set(true, true); for the Media table? That would be the only explanation for the full wipe.

    Oh, the French forum you've linked to shows a known face. @pioc34 can you give insights on that problem and if it still persists on your forum?

  • pinchies New
    edited February 2019

    When I say empty, I mean, completely empty - the table exists in the database (vf_Attachments) but has zero lines. The structure of the table is correct, as verified using the $siteurl/utility/structure checker.

    From memory that table has been empty for some time. It was empty when I posted about the previous uploading problem. Because it was empty, I assumed it was unused, and was some kind of upgrade remnant - just like the StorageMethod column in the Media table, that I had also discovered was redundant.

    The media table is set to ->(false,false) from what I can see.

    I just checked the backup of my database before I upgraded - the Attachment table was empty then too.

  • By semi-broken, files would upload, the attachment would display, but when the files were downloaded they always had some obfuscated filename. I never could figure out how to fix that.

  • I'm not sure what that Attachment table is used for but the uploads are saved in the Media table.

    Files get that random name when they are saved on your server (which increases security). Therefore their name is like that when they are downloaded. That is default Vanilla behavior (though something which would be nice if it would be changed)

    Good news: no semi-broken uploads. But the main problem persists...


    In the English forum you've linked to, someone said that Vanilla staff members could upload files as that user, which would be a hint to a browser problem. Is that a problem which all users face or only you (or a few)? Is it only for special roles?

  • I can't upload files as an admin. I'll have a try as a user and get back to you.

  • Hum, yes I have problems too with uploads. I'm investigating!

  • pinchies New
    edited February 2019

    @pioc34 - If you haven't already, I would suggest to try check your database structure first: https://routeur4g.fr/discussions/utility/structure

  • Seems both myself and users can upload images, but other permitted file types are no longer working, both for myself, and for users. (e.g. pdf etc.)

  • HTTP code 500 with admin account or member account on https://routeur4g.fr/discussions/post/comment/?discussionid=997:

    {
      "Code": 0,
      "Exception": "You are not allowed to upload files in this category.",
      "Class": "Exception"
    }
    
  • Error 500 should be explained in your web server logs. Can you take a look at that?

  • I commented out the last merged PR for class.editor.plugin.php:

    $discussionID = Gdn::request()->getValue('DiscussionID');
    $discussionModel = new DiscussionModel();
    $discussion = $discussionModel->getID($discussionID);
    if ($discussion) {
        $categoryID = $discussion->CategoryID;
        $category = CategoryModel::categories($categoryID);

        if ($category && $category['AllowFileUploads'] !== 1 && Gdn::request()->getValue('MediaIDs') !== false) {
            throw new Exception(t('You are not allowed to upload files in this category.'));
        }
    }
    

    Now uploads work fine.

    I will investigate more when I have more time!

  • I think you're right. The problem seems to be the lack of MediaID's which presumably comes from the lack of items in the Attachments table. I'm going the same route for now – at least nothing is worse than before...


    Hopefully the Vanilla team can figure out a fix with their hosted clients. Thanks for your help @pioc34 & @R_J .

  • pinchies New
    edited February 2019

    One more thing - it's interesting to me, that even when I comment out "&& Gdn::request()->getValue('MediaIDs') !== false" that uploads still fail, which suggests to me that the problem may not be where I thought it was.

    Commenting out the whole block works.

  • That fix would skip permission checks for uploading files, but if you have no categories where uploading is not allowed, it should be safe to skip it.

  • charrondev Vanilla Staff
    edited February 2019

    The solution to this problem is to fix your permission setups.

    • Ensure Uploads are enabled for that category & your role.

    The commit you're commenting out was a security patch. Previously, malicious users were able to bypass related upload permissions. I find it quite concerning that people are jumping straight to "Remove the permission checks by commenting out code" instead of auditing the way their roles/permissions are set up in the dashboard.

  • pioc34 ✭✭
    edited February 2019

    Members and admin can upload and categories allow uploads and it fails with advanced editor... I will try to debug it tomorrow.
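
Added example (not from the thread or from Vanilla's code base): the condition quoted above compares `AllowFileUploads` with a strict `!== 1`, so its outcome depends on the PHP type of that value. The sketch below evaluates the same condition on constructed category rows beside a type-tolerant variant that keeps the permission check in place; the function names, the sample rows and the assumption that an absent `MediaIDs` reads as `false` are illustrative, and the thread does not confirm which type a real installation returns.

```php
<?php
// Added example, not Vanilla code. All category rows below are constructed.

// The condition from the check quoted in the thread, with the category row and
// the MediaIDs request value passed in as plain arguments.
function strictCheckBlocks(array $category, $mediaIDs): bool
{
    return $category['AllowFileUploads'] !== 1 && $mediaIDs !== false;
}

// Type-tolerant variant (hypothetical): 1, "1" and true all count as enabled;
// 0, "0", false, null or a missing key count as disabled, so the check stays on.
function tolerantCheckBlocks(array $category, $mediaIDs): bool
{
    $allowed = filter_var(
        $category['AllowFileUploads'] ?? false,
        FILTER_VALIDATE_BOOLEAN
    );
    return !$allowed && $mediaIDs !== false;
}

// The same flag as different layers might deliver it (assumption).
$rows = [
    ['AllowFileUploads' => 1],
    ['AllowFileUploads' => '1'],
    ['AllowFileUploads' => true],
    ['AllowFileUploads' => 0],
    ['AllowFileUploads' => '0'],
];

// Assumption: a post with attachments carries an array of media IDs, and a
// post without any reads as false (the value the quoted check compares with).
foreach ([[12, 13], false] as $mediaIDs) {
    echo $mediaIDs === false ? "no MediaIDs\n" : "with MediaIDs\n";
    foreach ($rows as $category) {
        $flag = $category['AllowFileUploads'];
        printf(
            "  %-7s %-4s strict=%-5s tolerant=%s\n",
            gettype($flag),
            var_export($flag, true),
            strictCheckBlocks($category, $mediaIDs) ? 'block' : 'allow',
            tolerantCheckBlocks($category, $mediaIDs) ? 'block' : 'allow'
        );
    }
}
```

On an affected forum, logging `gettype($category['AllowFileUploads'])` at the check shows which of these rows applies without disabling the check.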
