verot.net

There must be a bug. I don't have time to try it right now, but I will check it. Do0es it work is you add a setting, such as image_border, or image_negative, which would trigger the image processing?

As for the Flash upload issue, would you be kind enough to remind me why it works with 0.24 and not 0.25? I can't recall in details what is happening.Reply

No, both functions do not trigger any image processing. Names do get changed, but there's no GD image processing.

For Flash, i've used v0.25 with a user-submitted add-on i've found on this forum post.

This add-on should correct for the fact that Flash can only send octet-stream mime-types. v0.24 does not work with flash upload, it can't read the file. V0.25 does work with Flash upload however, but it does not resize the image. I thought that that may be due to incorrect mime-types, so i tried that add-on.

I use this flash uploader.Reply

Hi guys.

I have the same problem. I'm using the flash uploader PowUpload and I get the same results as Roderick is getting. Images get transferred to the right destination but they are not resized.

I will keep posting here if I find some solution.

Thanks,
Magnus
IcelandReply

Yes, I see where it comes from.

Basically, image processing happens only is $this->file_is_image is true, which happens only if the MIME type is in $this->image_supported.

Since Flash sets the MIME to be application/octet-stream, it is not recognized as an image format, thus disabling the image processing.

I guess I will add a new setting, something like $handle->is_flash that will disregard some MIME type information in order to allow image processing.

Could one of you send me some implementation of a Flash uploader with the upload class, that I can set up here, in order to test it?Reply

@ colin

I put a small example together. You can find it here: http://www.leifur.org/files/flash.zip
It worked on my server, uploaded the file successfully but I'm not sure how you can see print_r or any error information with this. Maybe the FancyUpload is better for that, don't know :)

Sincerely,
Magnus
IcelandReply

I've implemented this code (i dont know this forums bb-code. so just as plain text) at row 2258

Now, flash upload and image resizing works, but only for jpg files. All i do is manually resetting some vars to jpg so the upload class will process the images as jpg's.

// Some logging to chech mime of file
$this->log .= 'EDIT - 1e file src mime : '.$this->file_src_mime; 
if($this->file_src_mime == 'application/octet-stream') { 
  $this->log .= 'EDIT - File is octet-stream'; 
  if (function_exists('mime_content_type')) { 
    // SET mime type manually. 
    // File HAS to be jpg in order to work properly. 
    // GIF support and PNG support not included 
    $this->file_src_mime == 'image/jpeg'; 			
    // Get image info
    $info = @getimagesize($this->file_src_pathname); 	
    // Set img src type manually. Again, file has to be jpg!
    $this->image_src_type = 'jpg';
    $this->file_is_image = true; 
  }						 
}					
// Now, the file is an jpg-image

// if the file is an image, we gather some useful data
if (array_key_exists($this->file_src_mime, $this->image_supported)) {
  $this->file_is_image = true;
  $this->image_src_type = $this->image_supported[$this->file_src_mime];
  $info = @getimagesize($this->file_src_pathname);
  // $info now knows the file is not an genuine jpg image, so i reset it again!
  if($this->file_src_mime == 'application/octet-stream') { 
    $this->image_src_type = 'jpg';
  }
}
// Just some log checking
$this->log .= 'EDIT - 3de file src mime : '.$this->file_src_mime;

Reply

I rewrote it a bit. JPG and PNG now work, gifs get scrambled. Don't know why this happens.

if($this->file_src_mime == 'application/octet-stream') { 
  if (function_exists('mime_content_type')) { 
    switch($this->file_src_name_ext) { // Set mime manually
      case 'jpg':
        $this->file_src_mime == 'image/jpeg'; 
      break;
      case 'gif':
        $this->file_src_mime == 'image/gif'; 
      break;
      case 'png':
        $this->file_src_mime == 'image/png'; 
      break;
      default:
        $this->file_src_mime == '';
    } 
    // Set img src type to the file extension. Makes it a bit vulnurable
    $this->image_src_type = $this->file_src_name_ext; 
    // Flag set to true, otherwise 
    $this->file_is_image = true; 
  }						 
}					
// Now, the file faked as if its a normal image	

// if the file is an image, we gather some useful data
if (array_key_exists($this->file_src_mime, $this->image_supported)) { 		
  $this->file_is_image = true;
  $this->image_src_type = $this->image_supported[$this->file_src_mime];
  $info = @getimagesize($this->file_src_pathname);
  // $info now knows the file is not an genuine jpg image, so reset it again!
  if($this->file_src_mime == 'application/octet-stream') { 	
    $this->image_src_type = $this->file_src_name_ext;
  }
}

Reply

Good to see a tnaelt at work. I can’t match that.Reply

@ Roderick

Great! Your above script works great. In my case, I don't need support for gif or png. The flash upload only let's JPG files through and I'll also have server side checking so this is great for me.

Thanks a lot!Reply

I have released a test version 0.26RC1, which should work with Flash uploaders. It is inspired by Roderick's code.

You can get it here. Would you be kind enough to test it?

However, I think it creates a security hole as it makes the class to rely on the file extension when the MIME type is application/octet-stream, thus enabling an attacker to upload a malicious file with an image extension.

I will do some further checking, and may do some more groundwork to allow Flash, open_basedir and MIME type detection play well together, while making sure it is all secured.Reply

Great work!.

Tested the new 0.26RC1 version, and flashupload works OK :)

Keep up the great workReply

Great service from your side! I really appreciate this! I'll test this version this afternoon!

RoderickReply

Hey,

i've tested it and it works ok!

I've added my emailaddress, so If you need someone to further test this matter for you, you can contact me.

RoderickReply

Thank you for the feedback. In the upcoming weeks, I will do a rewrite of the MIME detection, and will probably have more to test.Reply

I was having the same issue (took me a bit to figure that it was mimi type) and I test .26 and works like a charm. Please email me if you need more testers, I am planning on using your script in a wordpress plugin I am working on.

Thanks.Reply

Cheers for the script mate, just wanted to see how I implement your script into my file reference api for flash. I have a custom class that I'm using to target your php class, but how to I set parameters for your class etc? Thanks loadsReply

I am not too sure what you mean. Can you give more details?Reply

Sure thing, I am passing the image data from the flash uploader directly into the constructor as: $u = new upload($_FILES['Filedata']['tmp_name])

It would seem that would be the right way to go, however, any way I seem to pass the file it saves the file on my server with a .txt, i noticed in your it offers some protection against malicious code, etc.

If I rename the uploaded file with a jpg extension it works and all is well with the world, any ideas?

CheersReply

First, this:

$u = new upload($_FILES['Filedata']['tmp_name])

should be:

$u = new upload($_FILES['Filedata'])

(beware of multiple uploads, check the FAQ if you upload several files at a time)

Also try to set no_script to false:

$u->no_script = false;

Do you use the 0.26RC1?Reply

Yes sir, I am using 0.26RC1, and the recommendations you made worked, silly mistake. Thanks loads mate, you've really done some great work here. I'll be sure to spread the word. CheersReply