Photo Organizer

Notice: Undefined index: tasklist_type in /var/www/flyspray/includes/class.tpl.php(128) : eval()'d code on line 85 Notice: Undefined index: tasklist_type in /var/www/flyspray/includes/class.tpl.php(128) : eval()'d code on line 90
  • Status Closed
  • Percent Complete
  • Task Type Feature Request
  • Category Backend / Core
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Normal
  • Reported Version 2.34
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 0
  • Private No
Attached to Project: Photo Organizer
Opened by Solomon Peachy (pizza) - 2008-01-31
Last edited by Solomon Peachy (pizza) - 2008-03-02

FS#319 - Enhance local filesystem uploads to be secure and universal.

Currently the user specifies a path. This grants the user full access to anything on the filesystem that the webserver can access.

To allow this feature for everyone without giving away the security farm, there has to be a non-modifiable per-user upload path.

$bulk_upload_base = '/var/po/uploads/%u/'; /* %u gets replaced with userid or username */


1) Mechanism for uploading files needs to map to a PO user (and hence the path) and disallow access to other users' files -- this is more complicated when you consider:
2) Files need to be deletable by the web server's user -- as files are imported, they must be removed from the 'upload path'.

(2) can be sort-of worked around by making the directories group-writable by the webserver, but the problem of subdirs still applies.

(1) Is entirely site-specific. In the end, perhaps as part of the user creation process, upload subdirs are created for each user, and it's up to the site admin to figure out how to do it.

This task does not depend on any other tasks.

Closed by  Solomon Peachy (pizza)
Sunday, 02 March 2008, 00:30 GMT
Reason for closing:  Implemented
Additional comments about closing:  r1949.