[OzzModz] Attachments Plus

[OzzModz] Attachments Plus 2.0.0 Patch Level 2

No permission to download
I wonder, there is the <footer.... in the template for the attachment list that is supposed to show the percentage of the quota used up in MB or count according to the permission-settings for the group. This never shows....
 
Hiya, a client of mine asked if this can be used to restrict media gallery uploads or not. I think I know the answer (no) but I'd love some confirmation. Thanks :)
 
@Ozzy47 we're getting this error at the logs:
Code:
TypeError: Argument 1 passed to XF\Language::getEffectivePhraseName() must be of the type string, null given, called in /www/sites/site.com/html/src/XF/Language.php on line 108 src/XF/Language.php:194
Generated by: Unknown account Oct 31, 2022 at 12:20 PM
Stack trace
#0 src/XF/Language.php(108): XF\Language->getEffectivePhraseName(NULL)
#1 src/XF.php(807): XF\Language->phrase(NULL, Array, true, true)
#2 src/addons/ThemeHouse/AttachmentsPlus/Pub/Controller/AttachmentManager.php(148): XF::phrase(NULL)
#3 src/addons/ThemeHouse/AttachmentsPlus/Pub/Controller/AttachmentManager.php(94): ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager->assertUserAttachment('281768')
#4 src/XF/Mvc/Dispatcher.php(352): ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager->actionDelete(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('ThemeHouse\\Atta...', 'Delete', Object(XF\Mvc\RouteMatch), Object(ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager), NULL)
#6 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager), NULL)
#7 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2353): XF\Mvc\Dispatcher->run()
#9 src/XF.php(524): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}
Request state
array(4) {
  ["url"] => string(44) "/account/th-attachment-manager/281768/delete"
  ["referrer"] => bool(false)
  ["_GET"] => array(1) {
    ["/account/th-attachment-manager/281768/delete"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}

Can you fix this bug?
 
Potential Security Issue?

We were running "[TH] Attachments Plus 1.0.1 Patch Level 8" and got reports that attachments from members that were "deleted" were showing up for members that were logged-off as guests.

We updated to this addon hoping it would fix the problem, but unfortunately it remains :(

I think what is happening:
  1. User uploads pics
  2. Only their pics are only visible to them when they go to domain.com/account/th-attachment-manager/
  3. If the member's account is "deleted" the attachments remain in the system?
  4. If a GUEST visits the link, they see all the "deleted" member's pics because those pics are now associated to the main "Guest" account
Hopefully that makes sense?

Anybody else able to duplicate this?
 
Does anyone that has this addon installed, and have members that have uploaded pics and then the account deleted? If so, please check if all the content for that "deleted" member gets moved into associated with "guest" user, and is then available to all non-logged-in / guest visitors?
 
Does anyone that has this addon installed, and have members that have uploaded pics and then the account deleted? If so, please check if all the content for that "deleted" member gets moved into associated with "guest" user, and is then available to all non-logged-in / guest visitors?
im pretty sure that is default behavior....to avoid deleting content but respecting privacy etc
 
im pretty sure that is default behavior....to avoid deleting content but respecting privacy etc
From an xf perspective, this makes sense since the attachments are lightly spread through hundreds of thousands (maybe millions) of posts.
... but having them all in one spot has become challenging, especially when a member asks for deletion and sees all their images together.

I guess the most important question:

When a user is "deleted" and all their attachments are made as "guest", does this addon still respect the permissions of those images. Examples:

1) All images the "guest" uploaded to PM convos will NOT be visible in the addon's "guest" account?
2) All images the "guest" uploaded to private sections of the forum will NOT be visible in the addon's "guest" account?

I don't want a member that posted private pics in private threads or PM's, to then ask for deletion, and then have ALL their images viewable to "guests".

(Note: interestingly enough, logged-in members can't see the list of "guest" images. They have to log-off to see the images that they didn't have access to before)
 
We’ll check it out.
Hi Ozzy, i have to notice one strange behaviour with this addon.

If one user upload an attachment in the post editor, then decide to remove the attachment before send the post online, the attachment remain visible into his personal attachments list view and cannot be deleted by him.
All the other attachments yes, he can delete them.
But all those uploaded and not publish in the post, not.

Is there a way to allow user to delete also these attachments? thanks.
 
Hi Ozzy, i have to notice one strange behaviour with this addon.

If one user upload an attachment in the post editor, then decide to remove the attachment before send the post online, the attachment remain visible into his personal attachments list view and cannot be deleted by him.
All the other attachments yes, he can delete them.
But all those uploaded and not publish in the post, not.

Is there a way to allow user to delete also these attachments? thanks.
Did you manage to solve this?
 
nope, this is out of my possibilities.
The final user cannot delete that. He only can delete the attacchments that publish in a post. If he upload and then remove the attachment without publishing it, it remain permanetly in his attachment list.
Sems a feature "missing" from the add-on.
 
Potential Security Issue?

We were running "[TH] Attachments Plus 1.0.1 Patch Level 8" and got reports that attachments from members that were "deleted" were showing up for members that were logged-off as guests.

We updated to this addon hoping it would fix the problem, but unfortunately it remains :(

I think what is happening:
  1. User uploads pics
  2. Only their pics are only visible to them when they go to domain.com/account/th-attachment-manager/
  3. If the member's account is "deleted" the attachments remain in the system?
  4. If a GUEST visits the link, they see all the "deleted" member's pics because those pics are now associated to the main "Guest" account
Hopefully that makes sense?

Anybody else able to duplicate this?

Attachements page has to be accessable only by registered users.

Hi Ozzy, i have to notice one strange behaviour with this addon.

If one user upload an attachment in the post editor, then decide to remove the attachment before send the post online, the attachment remain visible into his personal attachments list view and cannot be deleted by him.
All the other attachments yes, he can delete them.
But all those uploaded and not publish in the post, not.

Is there a way to allow user to delete also these attachments? thanks.

Users need an option to delete their attachements at any time they want.

@Ozzy47 these are high level problems, can we get fix, please?
 
Does this template modification still work (i.e. replace the 'trash can' delete icon with "a 'copy & paste' command instead with images wrapped in a IMG tag and non-images wrapped in an ATTACH tag.")?
 
Back
Top Bottom