[OzzModz] Attachments Plus

[OzzModz] Attachments Plus 2.0.0 Patch Level 2

No permission to download
Overview Updates (2) Reviews (2) History Discussion
I wonder, there is the <footer.... in the template for the attachment list that is supposed to show the percentage of the quota used up in MB or count according to the permission-settings for the group. This never shows....
 
Hiya, a client of mine asked if this can be used to restrict media gallery uploads or not. I think I know the answer (no) but I'd love some confirmation. Thanks :)
 
@Ozzy47 we're getting this error at the logs:
Code: 
TypeError: Argument 1 passed to XF\Language::getEffectivePhraseName() must be of the type string, null given, called in /www/sites/site.com/html/src/XF/Language.php on line 108 src/XF/Language.php:194
Generated by: Unknown account Oct 31, 2022 at 12:20 PM
Stack trace
#0 src/XF/Language.php(108): XF\Language->getEffectivePhraseName(NULL)
#1 src/XF.php(807): XF\Language->phrase(NULL, Array, true, true)
#2 src/addons/ThemeHouse/AttachmentsPlus/Pub/Controller/AttachmentManager.php(148): XF::phrase(NULL)
#3 src/addons/ThemeHouse/AttachmentsPlus/Pub/Controller/AttachmentManager.php(94): ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager->assertUserAttachment('281768')
#4 src/XF/Mvc/Dispatcher.php(352): ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager->actionDelete(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('ThemeHouse\\Atta...', 'Delete', Object(XF\Mvc\RouteMatch), Object(ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager), NULL)
#6 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(ThemeHouse\AttachmentsPlus\Pub\Controller\AttachmentManager), NULL)
#7 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2353): XF\Mvc\Dispatcher->run()
#9 src/XF.php(524): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}
Request state
array(4) {
  ["url"] => string(44) "/account/th-attachment-manager/281768/delete"
  ["referrer"] => bool(false)
  ["_GET"] => array(1) {
    ["/account/th-attachment-manager/281768/delete"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}

Can you fix this bug?
 
Potential Security Issue?

We were running "[TH] Attachments Plus 1.0.1 Patch Level 8" and got reports that attachments from members that were "deleted" were showing up for members that were logged-off as guests.

We updated to this addon hoping it would fix the problem, but unfortunately it remains :(

I think what is happening:
  1. User uploads pics
  2. Only their pics are only visible to them when they go to domain.com/account/th-attachment-manager/
  3. If the member's account is "deleted" the attachments remain in the system?
  4. If a GUEST visits the link, they see all the "deleted" member's pics because those pics are now associated to the main "Guest" account
Hopefully that makes sense?

Anybody else able to duplicate this?
 
Does anyone that has this addon installed, and have members that have uploaded pics and then the account deleted? If so, please check if all the content for that "deleted" member gets moved into associated with "guest" user, and is then available to all non-logged-in / guest visitors?
 
ProCom said:
Does anyone that has this addon installed, and have members that have uploaded pics and then the account deleted? If so, please check if all the content for that "deleted" member gets moved into associated with "guest" user, and is then available to all non-logged-in / guest visitors?
Click to expand...
im pretty sure that is default behavior....to avoid deleting content but respecting privacy etc
 
Iggy said:
im pretty sure that is default behavior....to avoid deleting content but respecting privacy etc
Click to expand...
From an xf perspective, this makes sense since the attachments are lightly spread through hundreds of thousands (maybe millions) of posts.
... but having them all in one spot has become challenging, especially when a member asks for deletion and sees all their images together.

I guess the most important question:

When a user is "deleted" and all their attachments are made as "guest", does this addon still respect the permissions of those images. Examples:

1) All images the "guest" uploaded to PM convos will NOT be visible in the addon's "guest" account?
2) All images the "guest" uploaded to private sections of the forum will NOT be visible in the addon's "guest" account?

I don't want a member that posted private pics in private threads or PM's, to then ask for deletion, and then have ALL their images viewable to "guests".

(Note: interestingly enough, logged-in members can't see the list of "guest" images. They have to log-off to see the images that they didn't have access to before)
 
Ozzy47 said:
We’ll check it out.
Click to expand...
Hi Ozzy, i have to notice one strange behaviour with this addon.

If one user upload an attachment in the post editor, then decide to remove the attachment before send the post online, the attachment remain visible into his personal attachments list view and cannot be deleted by him.
All the other attachments yes, he can delete them.
But all those uploaded and not publish in the post, not.

Is there a way to allow user to delete also these attachments? thanks.
 
MediaFolSupport said:
Hi Ozzy, i have to notice one strange behaviour with this addon.

If one user upload an attachment in the post editor, then decide to remove the attachment before send the post online, the attachment remain visible into his personal attachments list view and cannot be deleted by him.
All the other attachments yes, he can delete them.
But all those uploaded and not publish in the post, not.

Is there a way to allow user to delete also these attachments? thanks.
Click to expand...
Did you manage to solve this?
 
nope, this is out of my possibilities.
The final user cannot delete that. He only can delete the attacchments that publish in a post. If he upload and then remove the attachment without publishing it, it remain permanetly in his attachment list.
Sems a feature "missing" from the add-on.
 
ProCom said:
Potential Security Issue?

We were running "[TH] Attachments Plus 1.0.1 Patch Level 8" and got reports that attachments from members that were "deleted" were showing up for members that were logged-off as guests.

We updated to this addon hoping it would fix the problem, but unfortunately it remains :(

I think what is happening:
  1. User uploads pics
  2. Only their pics are only visible to them when they go to domain.com/account/th-attachment-manager/
  3. If the member's account is "deleted" the attachments remain in the system?
  4. If a GUEST visits the link, they see all the "deleted" member's pics because those pics are now associated to the main "Guest" account
Hopefully that makes sense?

Anybody else able to duplicate this?
Click to expand...

Attachements page has to be accessable only by registered users.

MediaFolSupport said:
Hi Ozzy, i have to notice one strange behaviour with this addon.

If one user upload an attachment in the post editor, then decide to remove the attachment before send the post online, the attachment remain visible into his personal attachments list view and cannot be deleted by him.
All the other attachments yes, he can delete them.
But all those uploaded and not publish in the post, not.

Is there a way to allow user to delete also these attachments? thanks.
Click to expand...

Users need an option to delete their attachements at any time they want.

@Ozzy47 these are high level problems, can we get fix, please?
 
You must log in or register to reply here.

Similar threads

Ozzy47
[OzzModz] Delete Attachments Permissions
Replies
2
Views
144
Ozzy47
Ozzy47
Ozzy47
[OzzModz] Pre-Registration Attachments [Paid]
Replies
1
Views
182
Ozzy47
Ozzy47
Ozzy47
[OzzModz] Attachment Photo Metadata [Paid]
Replies
3
Views
208
Ozzy47
Ozzy47
Ozzy47
[OzzModz] User Profile Music [Paid]
Replies
8
Views
362
Chernabog
Chernabog
T
  • Question Question
MG 2.2 Maximum allowed storage
Replies
4
Views
711
Timmie
T
Top Bottom