Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Asset Manager / Image Upload Fix to upload multiple files like the Flash uploader Details »»
Asset Manager / Image Upload Fix to upload multiple files like the Flash uploader
Version: 1.1.0, by BirdOPrey5 (Senior Member) BirdOPrey5 is offline
Developer Last Online: Aug 2023 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 4.1.10 Rating:
Released: 01-10-2014 Last Update: Never Installs: 100
Supported Uses Plugins Auto-Templates
Re-useable Code  

2017 Update - Google Chrome and other browsers are starting to end support for Flash. As Flash gets deprecated and removed from browsers users trying to upload will see the Ajax Uploader instead. Without this add-on the Ajax Uploader will only allow uploading one image at a time. I've tested and this still works on VB 4.2.5 using PHP 5.6.x (I wasn't able to test PHP 7 but it should work on that as well.) Although it wasn't designed for this issue, it does work great to bring back multiple uploads in the post-Flash era.


---

(Old info from 2014...)

If you weren't aware an exploit was found in the flash uploader (uploader.swf) file supplied with vBulletin 4.x. This file was part of the Yahoo YUI 2 package and Yahoo will not be fixing the exploit- Yahoo instructs anyone to remove the file since they no longer use Flash.

Officially vBulletin says it is better to replace the file with an empty file of the same name.
Official announcement here: http://www.vbulletin.com/forum/forum...n-uploader-swf

The problem was however that if you remove the flash uploader the default Ajax uploader did not allow multiple files to be selected at one time (using CTRL+Click or Shift+Click to select multiple files) like the Flash uploader used to allow.

However FranzBanz thankfully posted a template edit on vBulletin.com that uses the power of HTML 5 to restore the ability to select multiple files at once!

The template edit is fairly easy, but I took it a step further and made this into a basic vBulletin modification.

There are a few things you need to be aware of-

1) This does not work on IE9 or lower, these users must upload one at a time. IE10, Chrome, Firefox, Safari, Opera should all be OK. (See here: http://www.w3schools.com/tags/att_input_multiple.asp)

Note: It has come to my attention this will not work in IE at all if IE10 or IE11 are running in IE9 Compatibility mode, which is required on vBulletin for the WYSIWYG editor to work in those versions.

2) There is no easy way to limit the number of files users can choose to upload. If they choose more files then your forum is set to allow they will get an error message when attempting to upload the extra files. Not a big deal but be aware of this limitation, maybe let your users know ahead of time. What I have done is added text that informs the user the max number of uploads allowed. See screenshots for details.

3) Requires vBulletin 4.1.10 or higher, one of the hooks needed doesn't exist in older versions. If you have 4.1.9 or older do the manual template edit linked above.

4) If you need to translate the one phrase used by this mod is a GLOBAL phrase: max_fileassets_bop5

There are no settings for this mod, just install and it is active.

Note- You should go to Admin CP -> Settings -> Options -> Message Attachment Options and do the following:
  • Set Attachment Upload Inputs to a value greater than 1. This will be the max that can be uploaded at once before getting an error.
  • Make sure Attachments Per Post is set higher than or equal to Attachment Upload Inputs
  • Set Asset Manager - Enable to Yes, Ajax Upload by Default


------------------------------------------------------

Please "Mark as Installed" if you use this.
Nominate MOTM if you LOVE it!
Please direct any donations toward FranzBanz on vBulletin.com :up:

Download Now

File Type: xml product-assetmanagermultifixbop5.xml (5.6 KB, 395 views)

Screenshots

File Type: jpg asset-manager-multi-files-ss.jpg (93.1 KB, 0 views)
File Type: jpg image-upload-multi-files-ss.jpg (26.6 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
6 благодарности(ей) от:
hugh_, ozzy47, Papa Bear, puertoblack2003, Ramsesx, tbworld

Comments
  #22  
Old 01-13-2014, 11:26 AM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

GREAT NEWS!

http://www.vbulletin.com/forum/forum...57#post4015757

The vBulletin.com user alexm has managed to re-compile the uploader.swf file with this exploit (and another) fixed!

He has uploaded a new .zip file with a new uploader.swf file to the post I linked to above.

This file is a direct replacement for uploader.swf and you can upload it over your current uploader.swf file and go back to the flash uploader!

Warning: alexm admits he is not a flash developer and there is no guarantee additional exploits don't exist- but it looks good to me.
Reply With Quote
Благодарность от:
Robru
  #23  
Old 01-13-2014, 11:37 AM
DemOnstar's Avatar
DemOnstar DemOnstar is offline
 
Join Date: Dec 2012
Posts: 859
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

For those of us that are lazy.. Here's the jist of it.

http://www.vbulletin.com/forum/forum...57#post4015757

Quote:
Following my last post I think I've managed to fix the flash file... The problem was with the decompiled source. I managed to find the original Actionscript source code for YUI 2.9.0 here:

https://github.com/yui/yui2/tree/master/src/uploader/as

I used that to replace some of the decompiled source from uploader.swf and then recompiled with a REGEX to sanitise allowedDomain. The result is a working uploader.swf that passes the exploit proof of concept.
Code:
uploader.swf?allowedDomain=\%22}%29%29%29}catch%28e%29{alert%28document.domain%29;}//
Quote:

If there are any proper Flash developers out there who can double check my code I will be happy to share the source!

DISCLAIMER: I am not a flash developer, I am just another vBulletin customer trying to keep his members happy! This file is provided free of charge for the benefit of the vBulletin community. You use it at your own risk! Please test before using on a live site!!
Download:
Reply With Quote
  #24  
Old 01-13-2014, 11:37 AM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That's the problem: How many Flash exploits have there been over the past year alone? I applaud Alex for his efforts but he found another security vulnerability a day after he released his version. For some time, it appeared that Adobe was releasing a new version of Flash every month or so.

I think most people are going to be better off with a non-Flash solution.

From alexm at http://www.vbulletin.com/forum/forum...81#post4015881

Quote:
Unless anyone else can find any further problems which need fixing I'm not intending to develop it further. The .zip file posted earlier contains a working uploader.swf with the allowedDomain exploit fixed plus another potential exploit also fixed so those who want to stick with the flash uploader are now able to return the functionality back to exactly what it was before all this started, which was the main goal of this exercise.
Reply With Quote
Благодарность от:
BirdOPrey5
  #25  
Old 01-14-2014, 09:35 AM
hugh_ hugh_ is offline
 
Join Date: Mar 2005
Location: Netherlands
Posts: 368
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks Joe.
Reply With Quote
Благодарность от:
BirdOPrey5
  #26  
Old 01-14-2014, 11:44 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Alexm released it here on vBulletin.org as a mod now: https://vborg.vbsupport.ru/showthread.php?t=307008

Please be sure you nominate it MOTM if you like it, I did. :up:
Reply With Quote
  #27  
Old 04-27-2014, 11:58 AM
weave weave is offline
 
Join Date: Jun 2011
Posts: 64
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Have been having issues with 4.2.2 PL1 and the patched SWF so I found this and gave it a go.

THANK YOU!!!!

Flash just needs to be declared DEAD so we can all move on from it.*
Reply With Quote
Благодарность от:
BirdOPrey5
  #28  
Old 06-18-2014, 06:47 AM
TransAmDan TransAmDan is offline
 
Join Date: Nov 2009
Posts: 34
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Brilliant fix, I've been using it for many months now. We run an American and Classic car club, and we have many photos of events we have attended, could be up to 1000 photos to upload.
A few years ago, I remember just setting up there 1000 to upload and leaving it. However after about 50 the gap between uploads gets greater. Therefore slowing to almost a halt at 100. I dont think it is the change of this fix, but something else that has crept in. Has anyone else noticed this?
I wonder if that is fixable. I've never tried SWF coding, my area is AVR assembler, ASP, VB or C++.
Reply With Quote
  #29  
Old 06-19-2014, 12:12 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TransAmDan View Post
Brilliant fix, I've been using it for many months now. We run an American and Classic car club, and we have many photos of events we have attended, could be up to 1000 photos to upload.
A few years ago, I remember just setting up there 1000 to upload and leaving it. However after about 50 the gap between uploads gets greater. Therefore slowing to almost a halt at 100. I dont think it is the change of this fix, but something else that has crept in. Has anyone else noticed this?
I wonder if that is fixable. I've never tried SWF coding, my area is AVR assembler, ASP, VB or C++.
This fix doesn't use flash/swf coding at all- it is the built in HTML/Javascript powered uploader. If the same slowness affects both the AJAX and Flash uploader than the problem is with the server not the SWF file. Frankly 50 or 100 or more files were never intended to be uploaded at once. vBulletin isn't gallery software- it's forum software that allows images. I'm glad it is working out for you but no one ever tested uploading 1000 images.
Reply With Quote
  #30  
Old 06-19-2014, 04:52 PM
TransAmDan TransAmDan is offline
 
Join Date: Nov 2009
Posts: 34
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by BirdOPrey5 View Post
This fix doesn't use flash/swf coding at all- it is the built in HTML/Javascript powered uploader. If the same slowness affects both the AJAX and Flash uploader than the problem is with the server not the SWF file. Frankly 50 or 100 or more files were never intended to be uploaded at once. vBulletin isn't gallery software- it's forum software that allows images. I'm glad it is working out for you but no one ever tested uploading 1000 images.
I know what your saying. I tried it once and it worked, but now it doesn't seem to work as well. The difference is web server, and of course up to date vBulletin software now. My website used to be on a windows server, then i moved to shared Linux, now I'm on a dedicated Linux server. It seems I had better luck with uploading a mass of images when I was on windows, but then others things have changed since then in the last 3 years. so wasn't sure if it was something I could revert back.
I will carry on running tests, just wondered if anyone else noticed this.
Reply With Quote
  #31  
Old 07-08-2014, 12:01 PM
chriske chriske is offline
 
Join Date: Oct 2008
Posts: 167
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just to make sure, this solution is not based on flash? It is working like a charm, thank you so much!
Reply With Quote
Благодарность от:
BirdOPrey5
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:47 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05202 seconds
  • Memory Usage 2,365KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (3)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete