  • M N 125 posts 212 karma points
    Jan 25, 2017 @ 19:23
    M N
    0

    Security/Change Saved File Name?

    Hi Simon,

    First, this is a fantastic little plugin and I'm surprised it's not more popular :)

    Second, I was just curious how you were calculating the file name that gets pushed to the Umbraco Media service. I haven't looked at the code yet, nor have I checked how it's calculated on our production server.. But on my local machine my main concern is that it looks like it's appending sensitive system temp data paths onto the file, like this -

    c-users-my-windows-username-appdata-local-temp-unsplash-unsplash-search-term- unsplashid.jpg

    Sure enough it is storing those in my local user appdata/local/temp as the filename suggests, not the Umbraco AppData folder. I've been manually changing them, as it is a bit of a security concern on our end.

    Any thoughts welcome on how to solve this little issue. I used package installer but happy to pull the source in and modify if that's the easiest approach. Probably boils down to how are you mapping to the "AppData" folder? Server.MapPath("~/AppData") would never do this, so I'm assuming it's some other method?

    Cheers again, awesome job!! -Marc

  • Simon Campbell 25 posts 347 karma points
    Jan 26, 2017 @ 09:36
    Simon Campbell
    0

    Hi Marc,

    That's odd as the plugin should just be using the filename part of the path to actually name the media item.

    It currently uses GetTempPath() to find the folder to download the image to - this must be how your sensitive data is getting in there, but this file is then added to the media library using just the filename as the name (using Path.GetFileNameWithoutExtension()) - confused at why it's not working in your case.

    I will make a change so that the file will be downloaded to the App_Data folder instead (in a Mediastock subfolder).

    Will upload a new version shortly - please test and let me know if your issue is resolved :-)

  • Simon Campbell 25 posts 347 karma points
    Jan 30, 2017 @ 13:30
    Simon Campbell
    0

    Hi Marc,

    Can you confirm whether your issue was resolved please?

    Thanks :-)

  • M N 125 posts 212 karma points
    Feb 10, 2017 @ 19:48
    M N
    0

    Hi Simon,

    Sorry for the delay - Just uninstalled via package manager through back office and when I reinstalled through backoffice I receive

    Wrong Local header signature: 0x474E5089 Exception Details ICSharpCode.SharpZipLib.Zip.ZipException: Wrong Local header signature: 0x474E5089

    Upon further investigation it looks like the package is a PNG file. Click on "Download Package" here https://our.umbraco.org/projects/backoffice-extensions/media-stock/

  • M N 125 posts 212 karma points
    Feb 10, 2017 @ 19:55
    M N
    0

    Spoke too soon - I was able to install 1.1 with the package file zip at the bottom (the primary Download button still points to a PNG file though).

    I searched for a file, added to library, and here is the stored file name -

    /media/51983/c-bitbucket-removing-my-clients-name-site-app_data-temp-mediastock-unsplash-dog-20170210145116.jpg

    I guess now you know where my bitbucket folder is lol C:\Bitbucket

  • Simon Campbell 25 posts 347 karma points
    Feb 13, 2017 @ 10:03
    Simon Campbell
    0

    Hi Marc,

    Thanks for giving it a try. I've made another change which hopefully will sort it. Let me know if your issue is resolved.

    Also fixed the download link etc, so you will be able to install via Umbraco, and the download link points to the right file. (The GUI to manage a project on here is less than helpful!)

    Many thanks

  • M N 125 posts 212 karma points
    Feb 13, 2017 @ 18:48
    M N
    0

    Thanks Simon,

    Yup this works from the backoffice install package process now.

    The file name, however, still appends the entire path. Just for redundancy's sake, I tested this on our production server as well, and the file names are set to c-inetpub-wwwroot-thepathtothesite.com-wwwroot etc. visible to forward facing users.

    I just dug up something I posted a while back, https://our.umbraco.org/projects/developer-tools/cmsimport/feature-request/81364-absolute-image-url-or-multiple-delimited-urls-imported-as-media-picker-or-multiple-media-picker

    But specifically, this line -

    media.SetValue("umbracoFile", Path.GetFileName(pathToTempLocal), s);

    might help you here? Are you calling this after you Create the media?
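
The failure mode discussed in this thread, as an added example that is not part of the original posts or the plugin's code: a full temp path handed to a URL-safe renamer ends up in the public file name, while the leaf name alone does not. `Slug`, `LeafName`, `LooksLikeSluggedPath`, the marker list and the sample paths are all constructed for illustration; `Slug` is only an assumed stand-in for the CMS's renaming.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

static class MediaNameDemo
{
    // Hypothetical stand-in for a CMS's URL-safe renaming (an assumption, not
    // Umbraco's code): lower-case, then turn each run of other characters into '-'.
    static string Slug(string s) =>
        Regex.Replace(s.ToLowerInvariant(), @"[^a-z0-9._]+", "-").Trim('-');

    // Keep only the last path segment. Splitting on both separators by hand
    // gives the same result on Windows and non-Windows hosts.
    static string LeafName(string path) => path.Split('\\', '/').Last();

    // Audit heuristic (constructed marker list): a one-letter first segment
    // followed by a typical Windows directory name suggests a slugged full path.
    static readonly Regex SluggedPath = new Regex(
        @"^[a-z]-(?:.*-)?(?:users|inetpub|wwwroot|appdata|app_data|temp)-");

    static bool LooksLikeSluggedPath(string storedName) =>
        SluggedPath.IsMatch(storedName);

    static void Main()
    {
        // Constructed sample download paths, not taken from the thread.
        var downloads = new[]
        {
            @"C:\Users\alice\AppData\Local\Temp\unsplash\unsplash-dog-abc123.jpg",
            @"C:\inetpub\wwwroot\example.test\App_Data\TEMP\Mediastock\unsplash-dog-1.jpg",
        };

        foreach (var path in downloads)
        {
            string fromFullPath = Slug(path);        // what leaks
            string fromLeaf = Slug(LeafName(path));  // what should be stored
            Console.WriteLine($"{fromFullPath}  flagged={LooksLikeSluggedPath(fromFullPath)}");
            Console.WriteLine($"{fromLeaf}  flagged={LooksLikeSluggedPath(fromLeaf)}");
        }
    }
}
```

The same `LooksLikeSluggedPath` check can be run over file names already in the media library to find items stored before a fix was installed.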

  • Simon Campbell 25 posts 347 karma points
    Mar 02, 2017 @ 15:26
    Simon Campbell
    101

    Hi Marc

    Sorry for the delay - I have just uploaded v1.3 which should fix the problem!

    Please can you give it a try and confirm?

  • M N 125 posts 212 karma points
    Mar 02, 2017 @ 15:49
    M N
    0

    Nice one, looks like you sorted this out. Production worthy!

    Thanks a bunch for tackling this, Simon. Have been itching to add this to a handful of client projects..

    If you ever need anything else on this package feel free to hit me up - happy to test and/or collaborate.

    Cheers, and h5yr -Marc

  • Simon Campbell 25 posts 347 karma points
    Mar 02, 2017 @ 15:55
    Simon Campbell
    0

    No problem thanks for testing; would you mind marking the topic as solved for me please? I don't think I can do it myself.

  • M N 125 posts 212 karma points
    Mar 02, 2017 @ 15:56
    M N
    0

    Sure, gave you a h5 as well :)
