1
Burning
Do not rename image uploaded with Xoops Image manager ?
  • 2009/1/16 9:10

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


hi,

I'm using XOOPS Image manager but - if it's possible - I would like to keep original image name.

At this time :
20091016_myimage.jpg ---> img4932b8e745e30.jpg
What I would have :
20091016_myimage.jpg ---> 20091016_myimage.jpg

I've looked but have not found information on these forums.

Thanks in advance !
Still learning CSS and... english

2
icomuser
Re: Do not rename image uploaded with Xoops Image manager ?
  • 2009/1/21 0:48

  • icomuser

  • Just popping in

  • Posts: 8

  • Since: 2009/1/21


sorry someone, i know this question has been unanswered for a few days, and it really is a simple request which a core team developer could easily have answered.

but your method is not secure and not the best method. please don't take this the wrong way.

by altering uploader class like this, you are not just affecting the image uploader, but you are affecting any other module and core function that uses the uploader class.

random file names are there for a security reason because if your script allows executable files etc, and the path becomes known and the file is not stored outside of webroot, the filename would be known because a user has uploaded it. he can then gain complete access to the server by uploading a malicious script and then calling it from his browser.

if you want the image manager to not use a random prefix, then edit the image manager file directly not the uploader class.

in htdocs/imagemanager.php

around line 217:

remove this line >

$uploader->setPrefix('img');


now that will let the uploader class not set random prefix for image files, but will still allow other modules to have random prefixes should they want to use the setPrefix() function.


regards

vaughan


3
Burning
Re: Do not rename image uploaded with Xoops Image manager ?
  • 2009/1/22 13:29

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


hi,

Thanks a lot !
Still learning CSS and... english

4
bitter_end
Re: Do not rename image uploaded with Xoops Image manager ?
  • 2009/2/17 14:13

  • bitter_end

  • Just popping in

  • Posts: 3

  • Since: 2009/2/7 1


Thanks a lot. This small code saved my life. I was working on another issue and found the solution here. My need was the opposite and I added this code and it worked well for me.

5
Catzwolf
Re: Do not rename image uploaded with Xoops Image manager ?
  • 2009/3/4 3:03

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


The problem with the current uploader class is that it isn't very bright. It actually doesn't do a proper check to see if the file that is being uploaded is actually the mimetype it should be. All it does is check the file extension and then see if that extension matches the mimetype using not very reliable methods.

All the script really does, is not allow files with certain extensions like php etc. The current system can be easily fooled and I have done it in tests over this last week.

The uploader should check the validity of a file using file headers using the php 'finfo_open' and mime magic before it tries any other method of mimetype detection.

But you are correct, never edit the class directly, always the main area that calls the class.

Catz
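
The content-based check described in the post above, as an added example that is not part of the original thread and is not XOOPS code. The function name `checked_image_name`, the allow-list and the sample files are assumptions made for illustration; the stored extension is taken from the detected type, never from the uploaded name.

```php
<?php
// Added illustration, not XOOPS code. Names and the allow-list are hypothetical.

/**
 * Inspect the file content with fileinfo and return a server-chosen stored
 * name, or null when the content is not an allowed image type.
 */
function checked_image_name(string $tmpPath, string $clientName): ?string
{
    // Detected MIME type => the only extension the file may be stored under.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        return null; // fail closed when the magic database is unavailable
    }
    $mime = finfo_file($finfo, $tmpPath);
    if ($mime === false || !isset($allowed[$mime])) {
        return null; // content is not an image, whatever the name claims
    }
    // Second opinion: the image header must also parse.
    if (getimagesize($tmpPath) === false) {
        return null;
    }
    // Keep a sanitised form of the original stem, drop the client's extension.
    $stem = pathinfo($clientName, PATHINFO_FILENAME);
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', $stem);
    $stem = substr($stem, 0, 64);
    if ($stem === '' || $stem === false) {
        $stem = 'img' . bin2hex(random_bytes(8));
    }
    // A file with image magic bytes followed by other data still ends up
    // with an image extension, because the server picks the extension.
    return $stem . '.' . $allowed[$mime];
}

// Constructed sample input: a 1x1 GIF and a script renamed to .jpg.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
));
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'hello'; ?>\n");

var_dump(checked_image_name($gif, '20091016_myimage.gif'));
var_dump(checked_image_name($script, '20091016_myimage.jpg'));

unlink($gif);
unlink($script);
```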
