YAFLogo

tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
Neither we, nor our customers can download attachments from our forum anymore. When we click any attachment (link) to download it, we get a simple text page in the browser with the following error message:

You have insufficient rights to download this resource. Contact forum administrator for further details.[/qoute]

Actually this is the exact contents of the resource.ashx file we are redirected to (for example, ourdomain.com/forum/resource.ashx?a=118&b=1).

What it could be? We did not make any changes in the forum for a long time - since the day we upgraded to v2.31.14.

Sponsor
tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.0 rc 2
3 years ago
The message would only show up if the user has now download access. Make sure for the user group the download access is set to true, for the specific forum.

It also could be an issue with the new mime types checker. What is the file extension, of the attachment?

tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
Registered forum users has Member Access, which allows file downloads.

And it seems, we can't download attachments of any type - be it reg, bat or even a zip file.

How to check whether the new mime types checker is the culprit of this problem?

tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.0 rc 2
3 years ago
Yes that's the issue. Reg and bat are not on the list yet. Also zip can have different mime types. Thats why it might not work, depending on what zip Programm is used.
tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
We MUST have the ability to configure that list (inclusion/exclusion). Or at least turn that check completely off.

Do you understand that you broke our infrastructure with this mime type check update?? Now we can't communicate with our customers the normal way, and their normal work stopped too. The reg and bat files stored on the forum are required by our customers. They have been downloading them from the forum, but now they attack us with their emails asking "send me urgently this and this".

If theire is no simple switch to turn mime type check off, tell me how to modify the source code to turn that off.

tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.0 rc 2
3 years ago
I understand the problem. But This version was released 4 month ago. Its odd that you rpeored the issue now.

However the issue has been already fixed. New version is online...

https://github.com/YAFNET/YAFNET/releases/tag/v2.31.16 

Mime Types are now defined under ../Resources/mimeTypes.json

Also if the Mime type is not found it will ne logged in the Event Log, with the Extension and the Mime type

P.S: if you modify the json file then you need to restart the application.

tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
I've just installed v2.31.16. Hoorrrayyyy - attachment download works!!

What can we do with that mimeTypes.json? How is it processed by the forum engine?

tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.0 rc 2
3 years ago
It will be used when uploading/downloading an attachment. To make sure that the file extension matches the mime type. Otherwise it would be possible to upload and execute malicous code.
tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
I do not understand how this mime type check could prevent normal downloading of attachments in YAF 2.31.14. Was it a bug?
tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.0 rc 2
3 years ago

I do not understand how this mime type check could prevent normal downloading of attachments in YAF 2.31.14. Was it a bug?

Originally Posted by: tecman 

I did already wrote above that if the extension is not listed the download would be rejected.

tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
Sorry if I missed this.

So we need to trace all files uploaded to our forum by all users and add new mime types to that json every time when a new extension appears to make download available now? A very controversial decision...

We definitely need a switch in settings to turn this off. And I would have this turned off by default.

tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.0 rc 2
3 years ago
How many new extensions do you add every day. Sounds like you add 100 every day.

The most common file types are already in the list.

I really don't understand the problem.

tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
I do not know what files add my customers, so in the general case I must track all these uploads...
tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.0 rc 2
3 years ago

I do not know what files add my customers, so in the general case I must track all these uploads...

Originally Posted by: tecman 

Yes you do know. Only the file types which are allowed can be uploaded. At the can only defined be the admin, not a regular user!

tecman
  • tecman
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
3 years ago
So myusers need to contact me first if they can't upload their files. Very good...