Ticket #16 (new task)
Rewrite file upload and storage code
| Reported by: | WanWizard | ||
|---|---|---|---|
| Priority: | low | Milestone: | 7.3 |
| Component: | ExiteCMS Core | Version: | 7.2 |
| Severity: | Tweak | Keywords: | core functionality security |
Description
Within the engine, it is possible to upload files at differerent places. Attachments of a forum or PM message, Wiki images, local download storage, image uploads, etc.
Currently, each uses it's own logic to process and validate the uploaded file. This needs to be standardized.
Also, because files are now stored using the uploaded filename, there is a likelihood that two uploaded files have the same file name. It would be a good idea to store the files on disk using a random generated name, and keep the real name in the database. This way we can't have duplicate filenames, and also, it is difficult to download the file directly, if you know the filename and the path in which the file is stored.
note that currently image uploads don't work with a database, but directly with the stored files. This needs to be addressed.
Change History
comment:2 Changed 2 years ago by WanWizard
It should also be possible to select and upload multiple files at one, and use some for of Ajax like code to upload without forcing a reload of the page.
We're currently looking at implementing swfupload ( http://swfupload.org/)
