[pmwiki] [Pmwiki-users] batch uploads

Fabio Reis Cecin frcecin at terra.com.br
Sat May 17 11:24:37 CDT 2003


Uploading an unpacking a zip would be nice!

About file extensions: the script could unzip to a temp folder (out of rea=
ch)
and then manually copy every file on the temp dir that matches the 
requirements (extension, file size) to the upload folder, and delete those
files that don't.

But this would make it very easy to bypass the protection that the current=
 
upload size limit (per-file) offers. Maybe the limit should be set per-pag=
e?
Explain: every page could have XX kb of attachments. When you try to 
upload more to the same page, it is discarded. So if you upload a huge 
ZIP, with 40000 * 50kb attachments, once the limit is reached, the "copy" 
script mentioned above starts to ignore (delete) all subsequent files.

But then another problem. Suppose you upload a ZIP with lots of files. The=
n
half of your files don't get there. You end up with a half-uploaded ZIP. Y=
ou will
have to do it again eventually, so the admin will have to clean up after y=
ou.
Maybe it would be better if the .ZIP "upload/unzip" operation succeeded on=
ly if 
all upload criteria is satisfied; if there is a single ".php" file, or an 
excessively-large file inside the ZIP, or if the overall unzipped contents=
 are
too big, no files will get copied to the upload folder and the user gets a=
n error
screen stating why his files weren't accepted. So, it will behave like it =
is
supposed to be: a facilitator, so you don't have to do N separate uploads
manually.

Also, all structure inside the ZIP is ignored (extraction is without folde=
r 
names).

If enough people like it, I can try to help on implementation.

- Fabio

On 17 May 2003, at 6:57, Patrick R. Michaud wrote:

> On Sat, May 17, 2003 at 08:32:03AM +0200, Bernhard.Weichel at t-online.de w=
rote:
> > Would it make sense having an action that uploads a zip archive and un=
pack
> > this on the server?
> 
> Good idea, but it might be difficult to enforce file size or file extens=
ion
> limits--i.e., the script would have to be smart enough to examine each
> of the unzipped files and check them for safety.  One has to be especial=
ly
> careful to disallow uploading of ".php" files and other files that have
> special meaning to the server; if someone can upload a .php file, then t=
hey
> can execute arbitrary scripts on the server which is really bad.
> 
> If someone wants to write a script (or modify upload.php) along these
> lines, be my guest.  I probably won't attempt it anytime soon--a few too
> many other things on my plate at the moment.  
> 
> Another approach would be to provide a page with multiple file upload
> boxes, since most browsers don't allow multiple files to be selected in
> a single box.
> 
> Also, remember that both Apache and PHP enforce limits on the overall
> size of an upload request, so combining multiple uploads into a single
> request will tend to hit those limits more frequently (might not be
> a problem for lots of situations however).
> 
> Pm
> 
> 
> 


--
[]'s
F=E1bio R. Cecin
frcecin at terra.com.br




More information about the pmwiki-users mailing list