Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
Asset Manager / Image Upload Fix to upload multiple files like the Flash uploader Details »
Asset Manager / Image Upload Fix to upload multiple files like the Flash uploader
Mod Version: 1.1.0, by BirdOPrey5 (IB Staff) BirdOPrey5 is offline
Developer Last Online: Dec 2017 I like it Show Printable Version Email this Page

vB Version: 4.1.10 Rating: (13 votes - 4.92 average) Installs: 88
Released: 11 Jan 2014 Last Update: Never Downloads: 299
Supported Uses Plugins Auto-Template Re-usable Code  

2017 Update - Google Chrome and other browsers are starting to end support for Flash. As Flash gets deprecated and removed from browsers users trying to upload will see the Ajax Uploader instead. Without this add-on the Ajax Uploader will only allow uploading one image at a time. I've tested and this still works on VB 4.2.5 using PHP 5.6.x (I wasn't able to test PHP 7 but it should work on that as well.) Although it wasn't designed for this issue, it does work great to bring back multiple uploads in the post-Flash era.


---

(Old info from 2014...)

If you weren't aware an exploit was found in the flash uploader (uploader.swf) file supplied with vBulletin 4.x. This file was part of the Yahoo YUI 2 package and Yahoo will not be fixing the exploit- Yahoo instructs anyone to remove the file since they no longer use Flash.

Officially vBulletin says it is better to replace the file with an empty file of the same name.
Official announcement here: http://www.vbulletin.com/forum/forum...n-uploader-swf

The problem was however that if you remove the flash uploader the default Ajax uploader did not allow multiple files to be selected at one time (using CTRL+Click or Shift+Click to select multiple files) like the Flash uploader used to allow.

However FranzBanz thankfully posted a template edit on vBulletin.com that uses the power of HTML 5 to restore the ability to select multiple files at once!

The template edit is fairly easy, but I took it a step further and made this into a basic vBulletin modification.

There are a few things you need to be aware of-

1) This does not work on IE9 or lower, these users must upload one at a time. IE10, Chrome, Firefox, Safari, Opera should all be OK. (See here: http://www.w3schools.com/tags/att_input_multiple.asp)

Note: It has come to my attention this will not work in IE at all if IE10 or IE11 are running in IE9 Compatibility mode, which is required on vBulletin for the WYSIWYG editor to work in those versions.

2) There is no easy way to limit the number of files users can choose to upload. If they choose more files then your forum is set to allow they will get an error message when attempting to upload the extra files. Not a big deal but be aware of this limitation, maybe let your users know ahead of time. What I have done is added text that informs the user the max number of uploads allowed. See screenshots for details.

3) Requires vBulletin 4.1.10 or higher, one of the hooks needed doesn't exist in older versions. If you have 4.1.9 or older do the manual template edit linked above.

4) If you need to translate the one phrase used by this mod is a GLOBAL phrase: max_fileassets_bop5

There are no settings for this mod, just install and it is active.

Note- You should go to Admin CP -> Settings -> Options -> Message Attachment Options and do the following:
  • Set Attachment Upload Inputs to a value greater than 1. This will be the max that can be uploaded at once before getting an error.
  • Make sure Attachments Per Post is set higher than or equal to Attachment Upload Inputs
  • Set Asset Manager - Enable to Yes, Ajax Upload by Default


------------------------------------------------------

Please "Mark as Installed" if you use this.
Nominate MOTM if you LOVE it!
Please direct any donations toward FranzBanz on vBulletin.com

Download Now

Only licensed members can download files, Click Here for more information.

Screenshots

Click image for larger version

Name:	asset-manager-multi-files-ss.jpg
Views:	673
Size:	93.1 KB
ID:	147790   Click image for larger version

Name:	image-upload-multi-files-ss.jpg
Views:	675
Size:	26.6 KB
ID:	147791  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
  #16  
Old 12 Jan 2014, 20:53
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
The vBulletin Admin CP has a limit of 10, I would not suggest trying to get around that, it may cause more problem then it is worth.

However if you put the site in debug mode an edit option will show next to each admin cp option allowing you to make changes. You could add a drop down option for 100 and see what happens.
__________________
-Joe (@BirdOPrey5) Former Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #17  
Old 12 Jan 2014, 21:30
Jennifer2010 Jennifer2010 is offline
 
Join Date: Mar 2011
Originally Posted by BirdOPrey5 View Post
The vBulletin Admin CP has a limit of 10, I would not suggest trying to get around that, it may cause more problem then it is worth.

However if you put the site in debug mode an edit option will show next to each admin cp option allowing you to make changes. You could add a drop down option for 100 and see what happens.
This seems to have done the trick, thank you!
Reply With Quote
  #18  
Old 12 Jan 2014, 21:43
Jennifer2010 Jennifer2010 is offline
 
Join Date: Mar 2011
Actually maybe not, uploading 10 attachments works but anything after that and it doesn't upload any - Must be another underlying value that needs to be changed.

Last edited by Jennifer2010; 12 Jan 2014 at 22:07.
Reply With Quote
  #19  
Old 12 Jan 2014, 21:57
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
I'm sorry then there is probably a hard limit in the code somewhere. Do you know for a fact if 12+ files were allowed in the flash uploader?
__________________
-Joe (@BirdOPrey5) Former Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #20  
Old 12 Jan 2014, 22:16
Jennifer2010 Jennifer2010 is offline
 
Join Date: Mar 2011
Originally Posted by BirdOPrey5 View Post
I'm sorry then there is probably a hard limit in the code somewhere. Do you know for a fact if 12+ files were allowed in the flash uploader?
It was worth a shot

The uploader we had before the security hole allowed an unlimited amount of photos. Our forum is photo based and users constantly uploaded 50 - 100 photos at a time.
Reply With Quote
  #21  
Old 13 Jan 2014, 12:26
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
GREAT NEWS!

http://www.vbulletin.com/forum/forum...57#post4015757

The vBulletin.com user alexm has managed to re-compile the uploader.swf file with this exploit (and another) fixed!

He has uploaded a new .zip file with a new uploader.swf file to the post I linked to above.

This file is a direct replacement for uploader.swf and you can upload it over your current uploader.swf file and go back to the flash uploader!

Warning: alexm admits he is not a flash developer and there is no guarantee additional exploits don't exist- but it looks good to me.
__________________
-Joe (@BirdOPrey5) Former Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.

Last edited by BirdOPrey5; 13 Jan 2014 at 12:34.
Reply With Quote
  #22  
Old 13 Jan 2014, 12:37
DemOnstar's Avatar
DemOnstar DemOnstar is offline
 
Join Date: Dec 2012
For those of us that are lazy.. Here's the jist of it.

http://www.vbulletin.com/forum/forum...57#post4015757

Following my last post I think I've managed to fix the flash file... The problem was with the decompiled source. I managed to find the original Actionscript source code for YUI 2.9.0 here:

https://github.com/yui/yui2/tree/master/src/uploader/as

I used that to replace some of the decompiled source from uploader.swf and then recompiled with a REGEX to sanitise allowedDomain. The result is a working uploader.swf that passes the exploit proof of concept.

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


If there are any proper Flash developers out there who can double check my code I will be happy to share the source!

DISCLAIMER: I am not a flash developer, I am just another vBulletin customer trying to keep his members happy! This file is provided free of charge for the benefit of the vBulletin community. You use it at your own risk! Please test before using on a live site!!
Download:
Reply With Quote
  #23  
Old 13 Jan 2014, 12:37
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
That's the problem: How many Flash exploits have there been over the past year alone? I applaud Alex for his efforts but he found another security vulnerability a day after he released his version. For some time, it appeared that Adobe was releasing a new version of Flash every month or so.

I think most people are going to be better off with a non-Flash solution.

From alexm at http://www.vbulletin.com/forum/forum...81#post4015881

Unless anyone else can find any further problems which need fixing I'm not intending to develop it further. The .zip file posted earlier contains a working uploader.swf with the allowedDomain exploit fixed plus another potential exploit also fixed so those who want to stick with the flash uploader are now able to return the functionality back to exactly what it was before all this started, which was the main goal of this exercise.
Reply With Quote
  #24  
Old 14 Jan 2014, 10:35
hugh_ hugh_ is offline
 
Join Date: Mar 2005
Thanks Joe.
Reply With Quote
  #25  
Old 15 Jan 2014, 00:44
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Alexm released it here on vBulletin.org as a mod now: http://www.vbulletin.org/forum/showthread.php?t=307008

Please be sure you nominate it MOTM if you like it, I did.
__________________
-Joe (@BirdOPrey5) Former Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #26  
Old 27 Apr 2014, 13:58
weave weave is offline
 
Join Date: Jun 2011
Have been having issues with 4.2.2 PL1 and the patched SWF so I found this and gave it a go.

THANK YOU!!!!

Flash just needs to be declared DEAD so we can all move on from it.*
Reply With Quote
  #27  
Old 18 Jun 2014, 08:47
TransAmDan TransAmDan is offline
 
Join Date: Nov 2009
Brilliant fix, I've been using it for many months now. We run an American and Classic car club, and we have many photos of events we have attended, could be up to 1000 photos to upload.
A few years ago, I remember just setting up there 1000 to upload and leaving it. However after about 50 the gap between uploads gets greater. Therefore slowing to almost a halt at 100. I dont think it is the change of this fix, but something else that has crept in. Has anyone else noticed this?
I wonder if that is fixable. I've never tried SWF coding, my area is AVR assembler, ASP, VB or C++.
Reply With Quote
  #28  
Old 19 Jun 2014, 14:12
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by TransAmDan View Post
Brilliant fix, I've been using it for many months now. We run an American and Classic car club, and we have many photos of events we have attended, could be up to 1000 photos to upload.
A few years ago, I remember just setting up there 1000 to upload and leaving it. However after about 50 the gap between uploads gets greater. Therefore slowing to almost a halt at 100. I dont think it is the change of this fix, but something else that has crept in. Has anyone else noticed this?
I wonder if that is fixable. I've never tried SWF coding, my area is AVR assembler, ASP, VB or C++.
This fix doesn't use flash/swf coding at all- it is the built in HTML/Javascript powered uploader. If the same slowness affects both the AJAX and Flash uploader than the problem is with the server not the SWF file. Frankly 50 or 100 or more files were never intended to be uploaded at once. vBulletin isn't gallery software- it's forum software that allows images. I'm glad it is working out for you but no one ever tested uploading 1000 images.
__________________
-Joe (@BirdOPrey5) Former Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #29  
Old 19 Jun 2014, 18:52
TransAmDan TransAmDan is offline
 
Join Date: Nov 2009
Originally Posted by BirdOPrey5 View Post
This fix doesn't use flash/swf coding at all- it is the built in HTML/Javascript powered uploader. If the same slowness affects both the AJAX and Flash uploader than the problem is with the server not the SWF file. Frankly 50 or 100 or more files were never intended to be uploaded at once. vBulletin isn't gallery software- it's forum software that allows images. I'm glad it is working out for you but no one ever tested uploading 1000 images.
I know what your saying. I tried it once and it worked, but now it doesn't seem to work as well. The difference is web server, and of course up to date vBulletin software now. My website used to be on a windows server, then i moved to shared Linux, now I'm on a dedicated Linux server. It seems I had better luck with uploading a mass of images when I was on windows, but then others things have changed since then in the last 3 years. so wasn't sure if it was something I could revert back.
I will carry on running tests, just wondered if anyone else noticed this.
Reply With Quote
  #30  
Old 08 Jul 2014, 14:01
chriske chriske is offline
 
Join Date: Oct 2008
Just to make sure, this solution is not based on flash? It is working like a charm, thank you so much!
__________________
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 12:56.

Layout Options | Width: Wide Color: