Asset Manager / Image Upload Fix to upload multiple files like the Flash uploader
 

2017 Update - Google Chrome and other browsers are starting to end support for Flash. As Flash gets deprecated and removed from browsers users trying to upload will see the Ajax Uploader instead. Without this add-on the Ajax Uploader will only allow uploading one image at a time. I've tested and this still works on VB 4.2.5 using PHP 5.6.x (I wasn't able to test PHP 7 but it should work on that as well.) Although it wasn't designed for this issue, it does work great to bring back multiple uploads in the post-Flash era.


---

(Old info from 2014...)

If you weren't aware an exploit was found in the flash uploader (uploader.swf) file supplied with vBulletin 4.x. This file was part of the Yahoo YUI 2 package and Yahoo will not be fixing the exploit- Yahoo instructs anyone to remove the file since they no longer use Flash.

Officially vBulletin says it is better to replace the file with an empty file of the same name.
Official announcement here: http://www.vbulletin.com/forum/forum...n-uploader-swf

The problem was however that if you remove the flash uploader the default Ajax uploader did not allow multiple files to be selected at one time (using CTRL+Click or Shift+Click to select multiple files) like the Flash uploader used to allow.

However FranzBanz thankfully posted a template edit on vBulletin.com that uses the power of HTML 5 to restore the ability to select multiple files at once!

The template edit is fairly easy, but I took it a step further and made this into a basic vBulletin modification.

There are a few things you need to be aware of-

1) This does not work on IE9 or lower, these users must upload one at a time. IE10, Chrome, Firefox, Safari, Opera should all be OK. (See here: http://www.w3schools.com/tags/att_input_multiple.asp)

Note: It has come to my attention this will not work in IE at all if IE10 or IE11 are running in IE9 Compatibility mode, which is required on vBulletin for the WYSIWYG editor to work in those versions.

2) There is no easy way to limit the number of files users can choose to upload. If they choose more files then your forum is set to allow they will get an error message when attempting to upload the extra files. Not a big deal but be aware of this limitation, maybe let your users know ahead of time. What I have done is added text that informs the user the max number of uploads allowed. See screenshots for details.

3) Requires vBulletin 4.1.10 or higher, one of the hooks needed doesn't exist in older versions. If you have 4.1.9 or older do the manual template edit linked above.

4) If you need to translate the one phrase used by this mod is a GLOBAL phrase: max_fileassets_bop5

There are no settings for this mod, just install and it is active.

Note- You should go to Admin CP -> Settings -> Options -> Message Attachment Options and do the following:

• Set Attachment Upload Inputs to a value greater than 1. This will be the max that can be uploaded at once before getting an error.
• Make sure Attachments Per Post is set higher than or equal to Attachment Upload Inputs
• Set Asset Manager - Enable to Yes, Ajax Upload by Default

------------------------------------------------------

Please "Mark as Installed" if you use this. :)
Nominate MOTM if you LOVE it! ;)
Please direct any donations toward FranzBanz on vBulletin.com :up:

Thank you.
Works great

it didn't work for me for some reason its still having me select a file, click upload and then have to select another file? hmmmm

What browser are you using? Are you willing to link to your site?

Great work BOP.

Excellent stuff, installed. :)

Outstanding..Great Work..

Nicccccccccccccccccccccccce Thank you! GREAT FIX! :)

Note: It has come to my attention this will not work in IE at all if IE10 or IE11 are running in IE9 Compatibility mode, which is required on vBulletin for the WYSIWYG editor to work in those versions.

I believe a plugin exists to disable WYSIWYG for IE10 and IE11 users, forcing the editor to source mode for these users....this is the best workaround for this if multiple uploads is an issue as then you don't need compatibility mode.

Joe I think it might even by your plugin if I remember correctly.

Indeed there is and yes it is mine as well. - https://vborg.vbsupport.ru/showthread.php?t=296838

If users want to use multiple uploading in IE10/11 and NOT use the WYSIWYG editor then they can use that mod.

In IE 4.2.1 or 4.2.2 they will also need to edit the headinclude template and delete the line

Which forces IE9 compatibility mode.

Another workaround is not to use IE at all, but I doubt there's a plug in for that. :D

Working on vBulletin 4.2.2, Mark as Installed

Awesome thanks for the fix,installed!

This works great, thank you! However, is there any way to increase the max number of inputs to more than 10 (vBulletin doesn't allow me to select more than 10).

I tried uploading more than 10 photos at a time and it doesn't insert any at all and with no error message, so this would confuse users. Would be nice to set the limit to more like 100 or something.

Thank you!

- Jen

The vBulletin Admin CP has a limit of 10, I would not suggest trying to get around that, it may cause more problem then it is worth.

However if you put the site in debug mode an edit option will show next to each admin cp option allowing you to make changes. You could add a drop down option for 100 and see what happens.

This seems to have done the trick, thank you!

Actually maybe not, uploading 10 attachments works but anything after that and it doesn't upload any :( - Must be another underlying value that needs to be changed.

I'm sorry then there is probably a hard limit in the code somewhere. Do you know for a fact if 12+ files were allowed in the flash uploader?

It was worth a shot :)

The uploader we had before the security hole allowed an unlimited amount of photos. Our forum is photo based and users constantly uploaded 50 - 100 photos at a time.

GREAT NEWS!

http://www.vbulletin.com/forum/forum...57#post4015757

The vBulletin.com user alexm has managed to re-compile the uploader.swf file with this exploit (and another) fixed!

He has uploaded a new .zip file with a new uploader.swf file to the post I linked to above.

This file is a direct replacement for uploader.swf and you can upload it over your current uploader.swf file and go back to the flash uploader!

Warning: alexm admits he is not a flash developer and there is no guarantee additional exploits don't exist- but it looks good to me.

For those of us that are lazy.. Here's the jist of it.

http://www.vbulletin.com/forum/forum...57#post4015757

Download:

That's the problem: How many Flash exploits have there been over the past year alone? I applaud Alex for his efforts but he found another security vulnerability a day after he released his version. For some time, it appeared that Adobe was releasing a new version of Flash every month or so.

I think most people are going to be better off with a non-Flash solution.

From alexm at http://www.vbulletin.com/forum/forum...81#post4015881

Thanks Joe.

Alexm released it here on vBulletin.org as a mod now: https://vborg.vbsupport.ru/showthread.php?t=307008

Please be sure you nominate it MOTM if you like it, I did. :up:

Have been having issues with 4.2.2 PL1 and the patched SWF so I found this and gave it a go.

THANK YOU!!!!

Flash just needs to be declared DEAD so we can all move on from it.*

Brilliant fix, I've been using it for many months now. We run an American and Classic car club, and we have many photos of events we have attended, could be up to 1000 photos to upload.
A few years ago, I remember just setting up there 1000 to upload and leaving it. However after about 50 the gap between uploads gets greater. Therefore slowing to almost a halt at 100. I dont think it is the change of this fix, but something else that has crept in. Has anyone else noticed this?
I wonder if that is fixable. I've never tried SWF coding, my area is AVR assembler, ASP, VB or C++.

This fix doesn't use flash/swf coding at all- it is the built in HTML/Javascript powered uploader. If the same slowness affects both the AJAX and Flash uploader than the problem is with the server not the SWF file. Frankly 50 or 100 or more files were never intended to be uploaded at once. vBulletin isn't gallery software- it's forum software that allows images. I'm glad it is working out for you but no one ever tested uploading 1000 images.

I know what your saying. I tried it once and it worked, but now it doesn't seem to work as well. The difference is web server, and of course up to date vBulletin software now. My website used to be on a windows server, then i moved to shared Linux, now I'm on a dedicated Linux server. It seems I had better luck with uploading a mass of images when I was on windows, but then others things have changed since then in the last 3 years. so wasn't sure if it was something I could revert back.
I will carry on running tests, just wondered if anyone else noticed this.

Just to make sure, this solution is not based on flash? It is working like a charm, thank you so much!

That is correct- zero Flash. :up:

Just wanted to bring this to the top, this still works on VB 4.2.5 in my test.

Now that Google Chrome has started blocking Flash by default the flash uploader built into vB 4.x is also being blocked like any other flash code. Other browsers may be doing the same. If users complain about only being able to upload one file at a time, this is the fix.

Yes. It's still working fine on my 4.2.5 forums under PHP7.1.x

My flash multiple uplaoder was working fine til yesturday, didnt change anything now it doesnt work - 4.2.5

Not working in 4.2.5 with php 7.1 on the Manage Attachments dialog.

Multiple file upload still works using the image icon on a new post, but from the Manage Attachments dialog, if I look at the console, I see the following error in Chrome.

Same-origin plugin content from https://myforum.org/forums/clientscr...s/uploader.swf must have a visible size larger than 6 x 6 pixels, or it will be blocked. Invisible content is always blocked.

The message is thrown on the newattachment.php

Weird because uploader.swf shouldn't be involved at all as this would be instead of the flash uploader. Unfortunately I can't test on PHP 7.1 but if you go to Admin CP -> Settings -> Options -> Message Attachment Options, make sure "Asset Manager - Enable" is set to Yes, Ajax Uploader by default.

Already set to that.

I do also get two errors just before the newattachment.php error of:
vbulletin_asset.js:11 vB_Asset :: NaN
vbulletin_asset.js:11 vB_Asset :: NaN

So could be an unrelated javascript error causing it to default to the flash plugin I guess.

Another strange behavior is that once I have images in the bottom tray of the dialog, the Insert Inline shows the correct number of images to insert are correct, but clicking the button does nothing, the image tags are not inserted into the post. If I close and re-open the dialog, the insert images will work at that point.

Well does removing this mod cause the Ajax uploader to work correctly, albeit one file at a time? That would be the test if it is a mod issue or something else.

nice one thank you for this....i dont enable asset manager, but just for simple image in post multi uploads that is good to improve :)

vb4.2.5 php 5.6

Thanks for this mod.
I'm running into an issue, that i just noticed. It's not related to this mod, but hoping someone will have an answer.

When I click the image upload button on my forum, and the screen to browse for an image appears. You can select an image, but there is no 'ok' or 'cancel' button on this tab. So you can't actually do anything.

If I click the tab to get an image remotely the buttons are there?
Anyone have an idea what's going on?

VB 4.2.2