Files can now be uploaded to the File System too thanks to uppy.
Welcome to the nuBuilder Forums!
Register and log in to access exclusive forums and content available only to registered users.
Register and log in to access exclusive forums and content available only to registered users.
[Added] uppy - File Uploader
[Added] uppy - File Uploader
You do not have the required permissions to view the files attached to this post.
-
kev1n
- nuBuilder Team
- Posts: 4292
- Joined: Sun Oct 14, 2018 6:43 pm
- Has thanked: 71 times
- Been thanked: 444 times
- Contact:
Re: [Added] uppy - File Uploader
When selecting "File System" from the "Target" dropdown (see screenshot above), nuBuilder adds some default JavaScript code in the HTML field to initialize uppy.
On the server side, the uploading is handled by a procedure called "NUUPLOADFILE_TEMPLATE".
To implement your own logic, clone that procedure, rename it and replace "NUUPLOADFILE_TEMPLATE" in the JS code with the Procedure name.
On the server side, the uploading is handled by a procedure called "NUUPLOADFILE_TEMPLATE".
To implement your own logic, clone that procedure, rename it and replace "NUUPLOADFILE_TEMPLATE" in the JS code with the Procedure name.
You do not have the required permissions to view the files attached to this post.
Re: [Added] uppy - File Uploader
The upload code has been further optimised. One (important) change is the file type checking part.
Using FILEINFO_MIME_TYPE to verify the file type is generally considered more reliable than checking the file extension alone.
Since file extensions are not always a reliable indicator of a file's type, it's possible for a file to have an incorrect or misleading extension, or for multiple file types to share the same extension.
Some file types, such as JPEG and PNG images, can be easily manipulated to include malicious code. By only checking the file extension, it would be possible for an attacker to upload a file with a trusted extension that actually contains malicious code.
On the other hand, FILEINFO_MIME_TYPE checks the actual contents of the file to determine its MIME type. This is a more reliable way to verify the file type, as it is less susceptible to manipulation or spoofing.
The procedure NUUPLOADFILE_TEMPLATE:
The error handling in https://github.com/nuBuilder/nuBuilder-4.5/blob/master/core/nuupload.php has also been improved.
New Uppy JavaScript code:
Using FILEINFO_MIME_TYPE to verify the file type is generally considered more reliable than checking the file extension alone.
Since file extensions are not always a reliable indicator of a file's type, it's possible for a file to have an incorrect or misleading extension, or for multiple file types to share the same extension.
Some file types, such as JPEG and PNG images, can be easily manipulated to include malicious code. By only checking the file extension, it would be possible for an attacker to upload a file with a trusted extension that actually contains malicious code.
On the other hand, FILEINFO_MIME_TYPE checks the actual contents of the file to determine its MIME type. This is a more reliable way to verify the file type, as it is less susceptible to manipulation or spoofing.
The procedure NUUPLOADFILE_TEMPLATE:
Code: Select all
// Allowed file extensions
$allowed = array('png', 'jpg', 'jpeg', 'bmp', 'pdf', 'xlsx', 'xls', 'csv', 'txt', 'docx', 'pptx');
// Maximum file size
$maxfilesize = 5 * 1024 * 1024; // (5 MB)
$filename = nuSanitizeFilename(basename($_FILES['file']['name']));
$target_dir = $_SERVER['DOCUMENT_ROOT']. '/';
$target_file = $target_dir . $filename;
$error = nuTranslate('Sorry, there was an error uploading your file.');
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (!in_array($ext, $allowed)) {
$data = ['error' => $error,
'message' => nuTranslate('Invalid file type')];
$result = json_encode($data);
return;
}
$filesize = $_FILES["file"]["size"];
if ($filesize > $maxfilesize) {
$data = ['error' => $error,
'message' => nuTranslate('File size exceeded')];
$result = json_encode($data);
return;
}
try {
if (move_uploaded_file($_FILES['file']['tmp_name'], $target_file)) {
$data = ['url' => $target_file,
'file' => $filename,
'message' => 'The file ' . $filename . ' has been uploaded.'];
http_response_code(201);
$result = json_encode($data);
} else {
throw new Exception(nuTranslate('Unable to move the uploaded file to its final location:') . $target_file);
}
} catch (\Throwable $th) {
$data = ['message' => $error,
'error' => $th->getMessage()];
$result = json_encode($data);
}New Uppy JavaScript code:
Code: Select all
<div id="#uppy_div#"></div>
<script>
nuInitUppy();
function nuInitUppy() {
const $objId = $('#' + '#this_object_id#');
const target = '#' + '#uppy_div#';
let uppy = new Uppy.Core();
uppy.use(Uppy.Dashboard, {
inline: true,
bundle: true,
height: $objId.cssNumber('height'),
width: $objId.cssNumber('width'),
target: target,
showProgressDetails: true,
replaceTargetContent: true,
method: 'post'
})
.use(Uppy.XHRUpload, {
endpoint: 'core/nuapi.php'
})
uppy.on('file-added', (file) => {
uppy.setMeta({
procedure: 'NUUPLOADFILE_TEMPLATE',
session_id: window.nuSESSION
})
});
uppy.on('complete', (result) => {
if (window.nuOnFileUploadComplete) {
nuOnFileUploadComplete('FS', $objId.attr('id'), result);
}
})
}
</script>
-
kev1n
- nuBuilder Team
- Posts: 4292
- Joined: Sun Oct 14, 2018 6:43 pm
- Has thanked: 71 times
- Been thanked: 444 times
- Contact:
Re: [Added] uppy - File Uploader
Added language support (Use the user's language):
In your current code, swap out this line:
( In newer versions, it's Uppy.Uppy() )
With
Also, the updated nuform.js
and uppy files in /core/libs/uppy from Github are required.
In your current code, swap out this line:
Code: Select all
let uppy = new Uppy.Core();With
Code: Select all
let uppy = nuUppyCreate();and uppy files in /core/libs/uppy from Github are required.