Subject: Upload image in Article?

Posted on: 14/04/02 05:26am
By: Anonymous

I was reading the article on Image Article Support and i wanted to know if anyone would be able to write a hack or plug-in that will allow an upload box? That way, someone could upload an image and insert it into their article. Any help is appriciated!

Well ...

Posted on: 14/04/02 06:57am
By: Dirk

This is exactly what you will get with Geeklog 1.3.5. So either wait until it comes out or, if you're really desperate, pull it from CVS yourself.

bye, Dirk


Well ...

Posted on: 14/04/02 03:11pm
By: Anonymous

Where in CVS is it? I've searched through all the files. And what file is it exactly in? Thanks for the help.

image handling

Posted on: 14/04/02 04:15pm
By: Anonymous

The way I understand the image handling in Geeklog is that the upcoming verion 1.3.5 will offer someone who has administration rights on a site the ability to upload images to the site and uses a bb style tag to attach the image to an article. For someone who does not have administration rights for the site it will not be possible to use the new system. However, if the site you want to have an image/article on allows the <img> tag in the html coding of articles or comments then it is possible for you to place an image in your article if you can place the image on a server available on the web. If you have school or ISP space just place the image in a folder and then using the html formatting on the article/comment enter somethig like this, <img scr="http://my_image_site.com/myimage.jpg> when the article/comment is displayed, and if the image is available, the image will be displayed. This is of course if the site admin allows it. hth .toad.

Well ...

Posted on: 15/04/02 12:13am
By: Dirk

Sorry, it's not in a single file. You can't just pull one file and add it to your current installation. There's a new upload class involved, as well as changes in the submit code and in the database as well.

You will need to upgrade to 1.3.5 once it's finished to get all this. However, the upgrade from 1.3.4 to 1.3.5 is missing from the version in CVS just now - it's simply not finished yet. So you either have to make a new install using 1.3.5 from CVS or just be patient until it's finished.

Of course, as someone else already pointed, you could simply go to your config.php and add img to the list of allowed HTML tags, which would give you the ability to add images in stories with your current Geeklog installation (without the image upload, of course).

bye, Dirk


Well ...

Posted on: 15/04/02 05:49am
By: Anonymous

Ok thanks. When is 1.3.5 expected to be released?

security issue

Posted on: 15/04/02 11:01am
By: Anonymous

Have not had a chance to look at the CVS to see the code for the image tags. Just wanted to point out that , when you introduce image tags, you would open a security hole into the system (phpbb had this problem before it was corrected) You need to check the input by the user before it gets into the system. Something like this preg_replace("/\[img\](http:\/\/*[^:;=,&@\%\+\"'\?\|]*\.(gif|jp eg|png|jpg|bmp))\[\/img\]/si", "<!-- BBCode Start --><IMG SRC=\"\1\" BORDER=\"0\"><!-- BBCode End -->", $message); The above is not my code, and do not remember who wrote it either.

security issue

Posted on: 17/04/02 10:45am
By: Tony

Yes, this is exactly why we aren't allowing non-administrators to the site to upload images (yet). Also, I'd encourage you all to check into both upload.class.php and admin/story.php so you can see the lengths we go to to secure this features. If you do that you will notice: 1) There are default file sizes and, for images, max width and max height values that prevent large files from being uploaded 2) Through modifying upload.class.php, you can specify the set of registered mime types. 3) For a specific instance of the object, you must specify the allowed mime types. This differs from item #2 above in that item 2 is a set of all mime types that could be used across all instances of an object but for each instance you must specify the allowed mime types (i.e. a subset of mime types from item 2 above) 4) You can, if desired, specify external IP's from which file uploads are allowed. 5) You can set the file permissions of the file in it's destination directory easily. 6) The upload class has an extensive logging system that can be used in troubleshooting errors, warnings or for producing useful debugging messages. ----- The reason people blame things on previous generations is that there's only one other choice.

Geeklog - Forum
https://www.geeklog.net/forum/viewtopic.php?showtopic=21049