Announcement

Collapse
No announcement yet.

Upload error in 7.01.0009

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Upload error in 7.01.0009

    I mentioned some serious error already in version 6 in the uploads. Wand law and behold the exact same bugs are in 7.
    I create a form called form_SCRIPTCASE_SC_UPLOAD with a database field called FILENAME, thus a form_SCRIPTCASE_SC_UPLOAD.php is generated.
    This form is a single record form.

    This generated file then has the following code in the first lines:
    Code:
    <?php
    //
       include_once('form_SCRIPTCASE_SC_UPLOAD_session.php');
       @session_start() ;
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_perfil']          = "conn_oracle";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_prod']       = "";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imagens']    = "";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imag_temp']  = "";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc']        = "";
    //
    further on on line 273 in my case the following code is generated this code basically says if the upload path is empty (which is always): since I can not set glo_nm_path_doc, it is created in the first lines with no setting possibility. So it is always pointing to the _lib/file/doc path
    Code:
          //check doc
          if(empty($_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc']))
          {
                  /*check doc*/$_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc'] = $str_path_apl_dir . "_lib/file/doc";
          }
    Around line 285 we see this:
    Code:
          $this->path_prod       = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_prod'];
          $this->path_imagens    = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imagens'];
          $this->path_imag_temp  = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imag_temp'];
          $this->path_doc        = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc'];
          if (!isset($_SESSION['scriptcase']['str_lang']) || empty($_SESSION['scriptcase']['str_lang']))
    So here $this->path_doc is set to what is determined on line 273, hence it is set to $str_path_apl_dir . "_lib/file/doc"


    On line 451 the following code is generated.
    Here the
    Code:
          $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['path_doc'] = $this->path_doc; 
          $_SESSION['scriptcase']['nm_path_prod'] = $this->root . $this->path_prod . "/"; 
          $_SESSION['scriptcase']['nm_root_cep']  = $this->root; 
          $_SESSION['scriptcase']['nm_path_cep']  = $this->path_cep;
    Here $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['path_doc'] is also pointing to $str_path_apl_dir . "_lib/file/doc"



    Then on line 549 is my OnApplicationInit:
    Code:
          if (isset($_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['initialize']) && $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['initialize'])  
          { 
              $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['contr_erro'] = 'on';
     echo "OnApplicationInit";
    $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['contr_erro'] = 'off'; 
              $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['initialize'] = false;
          }
    So basically $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['path_doc'] variable and $this->path_doc variable have already been set the _lib/..... dir.
    But I want it to point to MY dir, e.g. c:/documentstorage

    In order to be able to do that properly all I can do is set:
    $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['path_doc'] and $this->path_doc in my OnApplicationInit code in order to have the file uploader work as I want it.
    So for example I would want $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc'] = "c:/documentstorage";
    This still looks like a serious bug that was never fixed even tho I gave all the details already in version 6.

    There are various ways to fix this on YOUR side:
    Solution 1: introduce a way to set the variables in the first line, e.g. by setting it somewhere in the app constants and then initialising with it.
    Solution 2: have the section of line 285 NOT occur before the OnApplicationInit place (line 549) so either move OnApplicationInit forward or that code around line 285 after the OnApplicationInit
    Solution 3: introduce a path setting with the document file type that can override the settings and have it set in the beginning of the code when it is generated. So the first lines would become:
    Code:
    <?php
    //
       include_once('form_SCRIPTCASE_SC_UPLOAD_session.php');
       @session_start() ;
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_perfil']          = "conn_oracle";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_prod']       = "";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imagens']    = "";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imag_temp']  = "";
       $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc']        = "c:/documentstorage";
    //
    I have included the generated file so that you can easily see that I am right in this.
    please fix this bug so that I can easily change a path when needed!!

    We are paying enough money for this to have it fixed and I bet that I am not the only one that has this issue.
    Attached Files

  • #2
    Hello,

    I will contact our bugs team regarding this issue.

    regards,
    Bernhard Bernsmann

    Comment


    • #3
      Is there any progress on this??? I did report it already in V6.
      I also gave more then enough details on how and where to fix it. I wish this part wasnt zend encoded otherwise I would have fixed it myself.

      Comment


      • #4
        And now the next bug in the uploader.
        The exact same form with multiple records as before.
        With the fields NR (autonumber froma sequence),SUBFOLDER a subfolder where I want to save thus not visible in the table, FILENAME the filename, REMARK as some text, LASTUPDATE as a datetime field
        FILENAME has subfolder called: [sc_upload_folder]
        The following event where I want to block an upload that already exists, which generally doesnt occur.
        Code:
        OnBeforeInsert:
        //check if the file already exists if so then dont upload
        if (file_exists($_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder].{FILENAME})){
        	sc_error_message('This one already exists:' . {FILENAME} . "\r\n");
        };
        I also want to delete the file AFTER I deleted the record (before would be ok too that code is basically the same.
        Code:
        OnAfterDelete:
        echo $_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder];
        echo '<br>';
        echo {FILENAME};
        echo '<br>';
        if (file_exists($_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder].{FILENAME})){
        	unlink($_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder].{FILENAME});
        };
        No I have my page before me and I do the following things:
        Press the new button to create a new record
        Upload a file
        Confirm the upload with the little icon with an arrow up, I check the server directory and see the file is uploaded where I want it.
        Then I want to delete the file without!! leaving the page
        I get the following result from OnAfterDelete:
        c:/storage/acc/mutform/109/
        C:/UniServer/www/acc/hrm/mutformsc7/_lib/tmp/sc_6ffe6419_TestVersie.bmp
        Hence my {FILENAME} is seriously screwed up!!! It should be: TestVersie.bmp
        The file therefore doesnt get deleted, hence a bug.

        If I use the following sequence:
        Press the new button to create a new record
        Upload a file
        Confirm the upload with the little icon with an arrow up, I check the server directory and see the file is uploaded where I want it.
        I leave the page via the button
        Then I go back to the page
        I get the following result from OnAfterDelete:
        c:/storage/acc/mutform/109/
        TestVersie.bmp
        Now it is correct!!! It should be: TestVersie.bmp
        The file therefore does get deleted.

        For people that want to know how to store their files somewhere else due to the bug I mentioned in the first post you have to do the following:
        Grab your php page in my case: grid_filestorage.php (so not any of the grid_filestorage_.....php pages).
        In the first couple of lines there is a line:
        Code:
           $_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc']        = "";
        change that to the path where you want to store your own data
        Code:
           $_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc']        = "c:/storage/";
        This grid_filestorage is of course the name of my application.

        Be aware tho that your webserver MUST HAVE the proper rights to reach that c:/storage for create,read,write
        The advantage is that nobody can get with it via a smart http path guessing and hence your documents are properly protected. It would be really really stupid to store your documents in the $str_path_apl_dir . "_lib/file/doc" dir where anybody can download them. To block that you'd have to disable downloads on that dir by changing your .htaccess files (for example).;

        So please get this fixed asap (like yesterday!!)
        Last edited by rr; 11-14-2013, 11:33 AM.

        Comment


        • #5
          I forgot another stupid bug which is in the uploader field:
          If I upload a file with a special character then it gets uploaded, for example 'R&D_document.doc'
          Yet when I want to download it, I get an error that it can not be downloaded, the cause is the & sign. So here you have the next bug to fix....
          It goes well if there are no special characters. So I can choose to circumvent that bug by renaming the file and renaming the FILENAME in database record.
          or I can yet again try to find where this blooper is made and fix the code.
          Last edited by rr; 11-14-2013, 11:32 AM.

          Comment


          • #6
            It also looks that the clearing of the uploaded files in the temp dir also is working bad.

            Comment


            • #7
              Hello rr,

              I will contact our bugs team again regarding the issue.

              thanks.

              Comment


              • #8
                Hi Bartho,

                As rr is a direct collegue I will follow this issue carefully. I find it unbelievable that this issue which I (we) have reported over and over again and which is one of the best documented bugs is still not solved and persists since version 6. This bug is over one year old! A real shame!
                Albert Drent
                aducom software netherlands
                scriptcase partner, reseller, support and (turn-key) development
                www.scriptcase.eu / www.scriptcase.nl

                Comment


                • #9
                  And yet there is another bug found.
                  If I upload a file 'This is a file with spaces.txt' then on download it is named 'This+is+a+file+with+spaces.txt'
                  ??? Odd.. I am working on a seperate uploader now. There are basically too many bugs.
                  And I know the upload php script that is being used in scriptcase is already outdated as well...

                  I have my eyes now on Mini AJAX Upload Form combined with encode explorer which I can basically change to not allow subdirs.
                  All I then need is to get them connected with scriptcase in such a way that the paths are not directly accessible form the outside (check scriptcase session and so on).

                  Comment


                  • #10
                    Originally posted by rr View Post
                    And yet there is another bug found.
                    If I upload a file 'This is a file with spaces.txt' then on download it is named 'This+is+a+file+with+spaces.txt'
                    ??? Odd.. I am working on a seperate uploader now. There are basically too many bugs.
                    And I know the upload php script that is being used in scriptcase is already outdated as well...

                    I have my eyes now on Mini AJAX Upload Form combined with encode explorer which I can basically change to not allow subdirs.
                    All I then need is to get them connected with scriptcase in such a way that the paths are not directly accessible form the outside (check scriptcase session and so on).
                    Besides that fact that we are currently working on another upload solution doesn't mean that this issue can get a low priority status at scriptcase now. I think that this issue needs to be addressed, solved and deployed A.S.A.P. This bug is over a year old now and **needs to be fixed!!!**
                    Albert Drent
                    aducom software netherlands
                    scriptcase partner, reseller, support and (turn-key) development
                    www.scriptcase.eu / www.scriptcase.nl

                    Comment


                    • #11
                      Originally posted by aducom View Post
                      Hi Bartho,

                      As rr is a direct collegue I will follow this issue carefully. I find it unbelievable that this issue which I (we) have reported over and over again and which is one of the best documented bugs is still not solved and persists since version 6. This bug is over one year old! A real shame!
                      Hello Albert,

                      I will address this issue with our bugs team.

                      Thanks!

                      Comment


                      • #12
                        There we go again, another set of bugs..
                        When I upload a file with an & in it then I can upload it properly but I can not download it. & gets replaced by **ECom** when I download it.
                        When I upload a file with a + in it then I can not upload it.
                        When I upload a file with a space in it then I can up and download it.
                        When I upload a file with a # in it then I can upload it but not download it, # gets replaced by **JVel**
                        When I upload a file with a % in it then I can not upload it.
                        When I upload a file with a in it then I can not upload it.
                        When I upload a file with a in it then I can not upload it.
                        etc...
                        I guess nobody there ever heard about url encoding??

                        Comment


                        • #13
                          Good Day,

                          After update 7.1.0010 I cannot upload any files using Mozilla, Firefox or Chrome. I have a project that I need to release to a client and was put on hold of this.

                          Any advice how to temporally fix this.

                          Comment


                          • #14
                            Hello Bartho,
                            You probably do not have the power at SC to do this on your own, but seems like it would be good public relations if SC would just maintain a public list of issues like this - with some sort of status. Such a list could simply link to one or more forum posts related - you could be the logical one to actually do that.

                            The list might be for paid users only - that way few people would have access if that makes SC more comfortable.

                            I know SC is closed source , and that is fine. You guys may be inclined to keep bugs and issues closed, but what is happening is that this forum (and other forms of communication we users use together) have postings like this anyway. And they are persistent... they never go away. It would be so much better for SC if you could post something like, logged this as issue #1234. When it was resolved, you could always go back and tag the forum with an issue #1234 is resolved in release xyz.

                            Don't get me wrong, I REALLY REALLY like SC. It is great. But this is not indicative of long-term health for SC. We users want SC to be around for a long time and to be getting better and better. Seems like this is a logical request. I would be happy to communicate with you or your team or management further if that would be useful to get a tracking system in place. Hey, you could have a contest - to build the best issue tracker - open to all SC users - first prize is a free support package????

                            Bartho, please let me know your thoughts on this. Thanks,
                            Hope you all have a great day
                            Jamie

                            Comment


                            • #15
                              Uh oh, no upload on 7.1.0010? I'd better back up before I even try to update...
                              Have you tried the simplest of the simplest version (form with multiple records is what I use).
                              I have been digging really deep into the upload problems.
                              So for a temp fix I have this the following. Say for example you app is named grid_filestorage then once you generate the code you get a bundle of php files. You need then to check grid_filestorage.php
                              and grid_filestorage_apl.php. The grid_filestorage.php is the main file where the upload is handled.
                              If you run the upload and you do an upload you should get the OnBeforeInsert an OnafterInsert events. With your OnAfterInsert event you should already be able to see if your file has arrived.
                              Check out the pieces of code that handle path_doc, here you ought to do your main checks. Are you fully sure that the files dont just come at another place then where you think? Due to bugs in the uploader that is (ab)normally happening.

                              Comment

                              Working...
                              X