[UNSOLVED] File types allowed in forum post attachments

This is the place to talk about our forums:
Questions about how to best use them, discussions about new features and things like that

[UNSOLVED] File types allowed in forum post attachments

Postby wobo » Jul 7th, '11, 11:06

I tried to attach a related log file to a post in viewtopic.php?f=15&t=725 - it did not work - file type was not allowed. So I looked in the forum settings in the ACP and found out that the only file types allowed are for images and archives. No plain text at all! Forbidden are such endings like ".txt" or ".log".

It is quite normal that certain file types are not allowed for sake of security and as measurement against people trying to supply illegal downloads. This goes without question (so why are archives allowed?). But plain text files such as config files, log files, etc. often are essential to show the problem and as essential for helpers to be able to pin-point the problem and to find a solution.

It is very easy to change that for an admin: In the ACP open the tab for "Posts", then open "File Tape Management". A few mouse clicks, done. I needed just 5 seconds to find it.

Should I file a bug report about this or is should I report the post to the admin?
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: File types allowed in forum post attachments

Postby Max » Jul 7th, '11, 16:55

Report the post to the admin, preferably in a PM.
This will ensure a faster response.
Image
User avatar
Max
 
Posts: 269
Joined: Apr 4th, '11, 09:16

Re: File types allowed in forum post attachments

Postby doktor5000 » Jul 7th, '11, 17:01

That was a really good one. The same fast response he gives on PMs on other topics?
Then lets wait some weeks ...
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16724
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: File types allowed in forum post attachments

Postby wobo » Jul 7th, '11, 19:25

I used the little icon with the question mark which sends the report straight to the admin. As reason for the report I gave "I want to bring this request to your attention." :)

Max wrote:Report the post to the admin, preferably in a PM.
This will ensure a faster response.
LOL! Last PM I sent to the admin was in April 5th - still no reply. So I prefer to ring the official alarm. I used the little icon with the question mark which sends a report straight to the admin. As reason for the report I gave "I want to bring this request to your attention." Image
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: File types allowed in forum post attachments

Postby maat » Jul 12th, '11, 21:05

txt plain text is disabled by default phpbb config because text can be pasted into post area (better in [ code ] markup) so that people can see them without needing to download a file.

of course the log and txt files can be unlocked... but the benefits of the thing are not obvious for me at the moment.

I'm unlocking them but i'd be happy to understand why one would prefer to attach txt files instead of letting them in the post so taht users can read them without additional handling step
maat
 
Posts: 304
Joined: Feb 13th, '11, 00:23

Re: File types allowed in forum post attachments

Postby isadora » Jul 12th, '11, 21:12

;-)
Attachments
thank you.txt
(18 Bytes) Downloaded 114 times
..........bird from paradise..........

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
—Antoine de Saint-Exupéry
User avatar
isadora
 
Posts: 2681
Joined: Mar 25th, '11, 16:03
Location: Amsterdam, the Netherlands

Re: File types allowed in forum post attachments

Postby wobo » Jul 12th, '11, 21:29

maat wrote:txt plain text is disabled by default phpbb config because text can be pasted into post area (better in [ code ] markup) so that people can see them without needing to download a file.
of course the log and txt files can be unlocked... but the benefits of the thing are not obvious for me at the moment.
I'm unlocking them but i'd be happy to understand why one would prefer to attach txt files instead of letting them in the post so taht users can read them without additional handling step

Of course, short pieces of config files or logs are better posted in code tags.
But the case which brought me to the request was the need to post a complete ~/.xsessions-error log file, which is quite long and only interesting for people who possibly know how to help / what to look for. Same goes for other long log files. Reading them in a large editor window is better than scrolling down hundreds of lines in a small code block. That was my main reason.

So, allowing .log would be enough.

BTW: Don't you think that allowing flash videos as attachments is a security risk? They are disabled by default in the phpbb3-Version we are using at MandrivaUser.de and I did not open that one there :)
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: File types allowed in forum post attachments

Postby maat » Jul 12th, '11, 22:04

flash can be harmful and i'd not have allowed it so easily as i did for txt/log :)
maat
 
Posts: 304
Joined: Feb 13th, '11, 00:23

Re: File types allowed in forum post attachments

Postby wobo » Jul 12th, '11, 22:25

You are quite right but I have a reason to ask this.
You say that your settings in the phpbb3 installation of Mageia are standard phpbb3. Is that right? Because they differ totally from teh settings in the German forum. I swear to all bibles you can bring in that I did not touch these settings! They were like this from installation on. So, either the German forum was not installed from the same source as the English forum or something "magic" happened to the settings in the English forum (I know that nothing was done to the settings in the German forum).
Be aware that ALL of the following file types are ALLOWED in the german forum, which is a potential security risk.
Code: Select all
gif       
jpeg       
jpg       
png       
tga       
tif       
tiff       
 
7z       
ace       
bz2       
gtar       
gz       
rar       
tar       
tgz       
torrent       
zip       
 
c       
cpp       
csv       
diz       
h       
hpp       
ini       
js       
log       
txt       
xml       
 
ai       
doc       
docm       
docx       
dot       
dotm       
dotx       
odg       
odp       
ods       
odt       
pdf       
ppt       
pptm       
pptx       
ps       
rtf       
xls       
xlsb       
xlsm       
xlsx       
 
ram       
rm       
 
wma       
wmv       
 
swf       
 
3g2       
3gp       
m4a       
m4v       
mov       
mp4       
qt       
 
mp3       
mpeg       
mpg       
ogg       
ogm

From your words "this is standard" Ithought that it would be the same in the German forumI It's not, as you can see. Now I wonder what other "standards" of the English forum are different in the German forum...

I'll spend tomorrow in the German ACP and look at the settings.
Last edited by wobo on Jul 12th, '11, 22:32, edited 1 time in total.
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: File types allowed in forum post attachments

Postby maat » Jul 12th, '11, 22:32

good question. side effect of puppet install ? in all cases it deserves at least an investigation !
maat
 
Posts: 304
Joined: Feb 13th, '11, 00:23

Re: File types allowed in forum post attachments

Postby wobo » Jul 12th, '11, 22:33

Yes, will do tomorrow, a walk in the ACP...
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: File types allowed in forum post attachments

Postby wobo » Jul 12th, '11, 22:35

How can I look in the English ACP to compare settings?
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: File types allowed in forum post attachments

Postby maat » Jul 12th, '11, 22:41

i'll compare settings
maat
 
Posts: 304
Joined: Feb 13th, '11, 00:23

Re: File types allowed in forum post attachments

Postby wobo » Jul 12th, '11, 22:48

No need to!
Sorry to upset everybody! I made a mistake today - I looked in the wrong place. I only looked in teh list of KNOWN filetypes, not in the list of ALLOWED groups/types.

So, the correct status is set. I only added log and txt and pdf (which does not seem to be a security risk).

Sorry, my fault!
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: File types allowed in forum post attachments

Postby wobo » Jul 12th, '11, 22:51

So, this thread can be marked as "solved"
wobo
---
And a new day will dawn for those who stand long
And the forests will echo with laughter
(Stairway to Heaven, Led Zeppelin)
User avatar
wobo
 
Posts: 1649
Joined: Mar 22nd, '11, 17:13

Re: [Solved] File types allowed in forum post attachments

Postby doktor5000 » Nov 26th, '11, 01:08

@maat: It would be nice if you could also enable attachment of .conf files, like xorg.conf,
which is also quite lengthy and more convenient for users to upload the whole file
than copy&paste content and using code-Tags for it.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16724
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: [SOLVED] File types allowed in forum post attachments

Postby maat » Nov 26th, '11, 19:15

Done iinm :)
maat
 
Posts: 304
Joined: Feb 13th, '11, 00:23

Re: [SOLVED] File types allowed in forum post attachments

Postby doktor5000 » Feb 23rd, '12, 16:57

Need to pull this up again, seems still not solved for .log files, f.ex. take a look at: viewtopic.php?p=14051#p14051 (and subsequent posts)

Another reason would be that the code-tags only allow for a certain amount of text, posting a bigger log file into there is possible,
but the part which is too much is just stripped without a notification IIRC. So bigger log files or config files need to be attached.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16724
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: [SOLVED] File types allowed in forum post attachments

Postby Max » Mar 14th, '12, 16:31

We should mark this unsolved.
Apparently since svg files are plain text (xml) they are not allowed.
Image
User avatar
Max
 
Posts: 269
Joined: Apr 4th, '11, 09:16

Re: [SOLVED] File types allowed in forum post attachments

Postby doktor5000 » Mar 14th, '12, 17:19

Well, for that it would be in general interesting to know if the forum software only respects a list of filename extensions,
like .txt, .log, .conf or if internally it uses something like magic/libmagic ( http://linux.die.net/man/5/magic )
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16724
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: [UNSOLVED] File types allowed in forum post attachments

Postby maat » Mar 22nd, '12, 15:28

.svg added for images

And file max size in currently 1M... i can extend it but 1M log file seems to me something rather large

what do you think ?
maat
 
Posts: 304
Joined: Feb 13th, '11, 00:23

Re: [UNSOLVED] File types allowed in forum post attachments

Postby Max » Mar 22nd, '12, 21:46

maat wrote:.svg added for images

No good with the svg.
It was not possible to determine the dimensions of the image.

And that's weird because the dimensions are explicitly given in the file.
Code: Select all
<svg
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:svg="http://www.w3.org/2000/svg"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:xlink="http://www.w3.org/1999/xlink"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   width="214"
   height="300"
   id="svg2"
   version="1.1"
   inkscape:version="0.48.1 r9760"
   sodipodi:docname="New document 1">
Image
User avatar
Max
 
Posts: 269
Joined: Apr 4th, '11, 09:16

Re: [UNSOLVED] File types allowed in forum post attachments

Postby doktor5000 » Mar 23rd, '12, 00:12

OK, what about .conf and files with no extensions, as /var/log/cups/error_log ?

Can this size limited only be adjusted globally for all fileytpes?
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16724
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: [UNSOLVED] File types allowed in forum post attachments

Postby maat » Mar 23rd, '12, 00:19

Without a hack the size is a global parameter...

And files without extension will be problematic...
maat
 
Posts: 304
Joined: Feb 13th, '11, 00:23

Re: [UNSOLVED] File types allowed in forum post attachments

Postby doktor5000 » Mar 23rd, '12, 20:10

My previous question was not answered yet, but would be helpful)
Well, for that it would be in general interesting to know if the forum software only respects a list of filename extensions,
like .txt, .log, .conf or if internally it uses something like magic/libmagic ( http://linux.die.net/man/5/magic )


Can you whitelist particular filenames or only extensions, or how is this handled?
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16724
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Next

Return to Discussions about forums

Who is online

Users browsing this forum: No registered users and 1 guest