lfiore / upld Goto Github PK
View Code? Open in Web Editor NEWPHP short URL image upload / image hosting script with user accounts feature
Home Page: http://upld.uk
License: MIT License
PHP short URL image upload / image hosting script with user accounts feature
Home Page: http://upld.uk
License: MIT License
It will be good if you can add way of drag-and-drop or paste from clipboard.
Hello maintainer(s),
I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.
We would like to report this vulnerability to you in a responsible and ethical manner.
Therefore, we do not want to disclose any details of the vulnerability publicly until you have had a chance to review and fix it.
Could you please let us know your prefered way of receiving security reports?
You can contact us at [email protected] or by replying to this issue.
Thank you for your attention and cooperation.
I was wondering, would it be possible to rescan the image folder?
Hypothetically: if the database got corrupted and needed to be wiped, the images are still there but not showing up since they're not in the database. Also there's no database backup.
Then it would be great if you could do like a scan that puts them into the database again. I guess all of them would then be assigned to one specific account (like the admin account), but it's better than having to re-upload everything again, getting new ID's and such.
e.g. ban feature did not use CSRF token to protect.
I can construct the url http://somewhere.com/ban.php?id=1
and embed it as an image. Once an admin is tricked to visit the page, it will cause the server to begin deleting someone's images.
Suggestion: any action to be performed other than read should be verified against a valid CSRF token.
More details:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
Hello!
I've been having some weird issues.
When I run upld in a closed environment, I have no problems at all with registering and logging in users.
But when I recreate everything on my actual webserver, I can register users, but I cannot login users. No idea why.
Also, in the database it says the wrong IP adress of the user (me in this case). I haven't done anything weird as far as I know, I use basically the exact same system in both cases.
Any idea as to why this happens?
Looks like we need to add a mail configuration to verify registration.
Hello,
How can I setup friendly urls when using nginx?
Thanks you
add a config option to disable anonymous upload.
Admin needs to be able to administer all accounts with options to delete images and ban the user/s.
Everything else is fantastic.
Just seems to be missing this important feature in my opinion.
provide a configuration option to allow hotlinking only from certain websites, not all the internet.
this way, every admin can create such a hosting site for it's own websites.
it would be useful to add google recaptcha to the login and register forms, maybe even to the upload form.
instructions here: https://www.google.com/recaptcha/admin and here: https://developers.google.com/recaptcha/docs/invisible
option should be enabe/disable from config or an admin page and provide a field for the recaptcha key.
admin to view all image and can config image perpage to view.
array/Sort by upload time (New before Old).
is there a option to add extension like .zip for upload?
The fonts.googleapis.com reference in css/upload.css uses the http:// protocol - I have made my selfhosted version use //fonts.googleapis.com in order to prevent browser warnings.
Warning: imagecopyresized() expects parameter 1 to be resource, integer given in /var/www/html/upld/inc/moderate.php on line 148
Warning: imagejpeg() expects parameter 1 to be resource, integer given in /var/www/html/upld/inc/moderate.php on line 151
Warning: imagedestroy() expects parameter 1 to be resource, integer given in /var/www/html/upld/inc/moderate.php on line 152
file inc/moderate.php line# 143
$new_thumb = imagecolorallocate($thumb, 0, 0, 0);
imagecolortransparent($thumb, $new_thumb);
to
if (imagecolortransparent($thumb) <> -1)
{
$new_thumb = imagecolorallocate($thumb, 0, 0, 0);
imagecolortransparent($thumb, $new_thumb);
}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.