Suggestions

From Relay

Jump to: navigation, search

Security

I created an interesting cgi overload which allowed relay to get file but stopped users getting to the directory via their browsers. The .htaccess line was:

"Redirect index.html ../../error docs/403.php"

The .htaccess file was located in the users root folder which stopped access to all subfolders as well. I just happened to stumble accross it accidently when messing around myself!

Email To

If you only want your users to email files from a certain address (local) for example no_reply@site.com, you can edit the relay.html file as shown below on line 145:

<input type="hidden" id="emailFormFrom" value="no_reply@site.com" disabled="disabled" />

Basically you just hide the email from input and remove its layout table.

Select Folder Before Upload

I added in: file js/relay.js , line 846 inside uploadAuth() 

if(!FC.SELECTEDOBJECT) { alert("Please, first select a destination folder on the right."); return false;}

MYSQL Password Exposure

conf.inc.php get's created with <? starting tag. When short tags is turned off the include statement of this file will echo the contents of the file and expose the mysql password. Use <?php instead!

Show file creation date

I needed to show the original file creation or modification date. The system originally shows date from when the folder is opened for the first time. Change in mysql the following field: in the table filesystem > date and set it to datetime type.

In the relay.php file line 947 at the following line of code there: $date = date ("Y-m-d H:i:s", filemtime($folderpath.'/'.$filename)); Change the following line: 954 $query = "insert into $GLOBALS[tablePrefix]filesystem set id=\"$fileid\",filename=\"$filename\",path=\"$folderpath\",rpath=\"$realitivePath\",type=\"$type\",size=\"$size\"";

to: $query = "insert into $GLOBALS[tablePrefix]filesystem set id=\"$fileid\",filename=\"$filename\",path=\"$folderpath\",date=\"$date\",rpath=\"$realitivePath\",type=\"$type\",size=\"$size\"";

by: LazyAdmin

Suggestion 7: dashboard css should allow more space. If an upload is large enough, it goes to hours, and then ETA time overwrites upload bitrate - it all becomes a mess. I edited several places the css so that it would not happen. Also, long files names overwrite date. "date" in realy.css could be 70% instead of 50%, if the width of the filelist is increased, which I did too. (SM)

Suggestion 8: allow upload status to indicate KBs uploaded (I've done it. You need to edit the upload.pl file to add bytes left to the stats file; edit relay.php to parse that extra field into JSON; edit js/relay.js to present it to the user (SM))

Suggestion 9: I guess it's impossible without java on the client, but what about "resume upload"?

Suggestion 10: The ability to set a maximum file size.

Suggestion 11: The ability to upload zip files, and choose a directory to unzip them to. This would be a huge plus.

Suggestion 13: Select several files to move/delete them

Suggestion 14: Order items by date, name or so would be awesome

Suggestion 15: Nice script but would be awesome to have a sharing feature: set some files as Public with a download link valid a certain amount of times

Suggestion 16: Display the uploader username at file information

Suggestion 17: Allow downloading entire folders as zip files (or just adding folders to the download cart)

Suggestion 18: Confirm file deletion (idem folder)

Suggestion 19: Make an option so that the entire (or a part of the) file structure is avalible without logging in, and have the login box in the corner or somthing. Similar to suggestion 15. If there is a way to do this easily please email me at odindutton [at] gmail [dot] com. Thanks.

Suggestion 20: Folder upload

Suggestion 21: After uploading .zip .tar.gz .tar.bz2 .tgz or other archive-files allow unpacking in place.

Suggestion 22: A button for sending a link to a file via email (no attachment). This is similar to suggestion 15.

Suggestion 23: Make the root virtual directory selected by default for the upload section, the actual behavior forces you to select a folder first, and if the user fails to do this the upload button does nothing (not even notify the user about the problem), which is confusing for some people.

Suggestion 24: Use the actual user's info (name/email) as default for sending email via the 'email to' section.

Suggestion 25: Ability to authenticate users against PAM. If this is already supported, how to configure?

Suggestion 26: An automated email notification for upload/download administrated by users and folders

Suggestion 27: Please add change password feature in RELAY, as a user I can't see any link to change password.

Retrieved from "http://ecosmear.com/relay/wiki/index.php/Suggestions"
Personal tools
support