Welcome Guest! You need to login or register to make posts.

Notification

Icon
Error

Options
Go to last post Go to first unread
sweechi  
#1 Posted : Tuesday, January 24, 2006 11:29:42 PM(UTC)
sweechi

Rank: Member

Groups: Member
Joined: 1/24/2006(UTC)
Posts: 2


http://www.mymegashop.co...PHP/DisplayingUserQuota/

as the title , the "select all" button & ""deselect all" button not work out.
after i pressed the "select all" button, it only frame up all the image, but the check box still empty .

please help.
thanks.
Alex Makhov  
#2 Posted : Wednesday, January 25, 2006 12:01:41 PM(UTC)
Alex Makhov

Rank: Advanced Member

Groups:
Joined: 8/3/2003(UTC)
Posts: 998

Hello,

SelectAll and DeselectAll methods which are called when user clicks Select All and Deselect All buttons do not check files because of security reasons. Checking files is only possible with internal ImageUploader SelectAll and DeselectAll buttons when CheckFilesBySelectAllButton property value is set to true.

Edited by user Friday, February 22, 2008 3:31:30 PM(UTC)  | Reason: Not specified

Sincerely yours,
Alex Makhov

UserPostedImage Follow Aurigma on Twitter!
davewolfs  
#3 Posted : Sunday, April 22, 2007 12:11:54 PM(UTC)
davewolfs

Rank: Member

Groups: Member
Joined: 4/3/2007(UTC)
Posts: 6

Alex, could you please elaborate on the security reasons. I am just curious to know if their are any risks in enabling this option.

Dave
Alex Makhov  
#4 Posted : Sunday, April 22, 2007 1:05:17 PM(UTC)
Alex Makhov

Rank: Advanced Member

Groups:
Joined: 8/3/2003(UTC)
Posts: 998

Hello,

Please, read the following article: Security Approach in Image Uploader.

Edited by user Monday, October 27, 2008 8:15:01 PM(UTC)  | Reason: Not specified

Sincerely yours,
Alex Makhov

UserPostedImage Follow Aurigma on Twitter!
davewolfs  
#5 Posted : Tuesday, April 24, 2007 2:31:02 AM(UTC)
davewolfs

Rank: Member

Groups: Member
Joined: 4/3/2007(UTC)
Posts: 6

That document does not answer my question. I am hoping that you can identify any potential risks by enabling this option.
greg_wood  
#6 Posted : Friday, May 11, 2007 1:01:27 AM(UTC)
greg_wood

Rank: Member

Groups: Member
Joined: 5/10/2007(UTC)
Posts: 1

Hello Alex,

I am unable to get the images to be checked when using my own select all and deselect all buttons that call the appropriate select all and deselectall methods of the imageuploader. They will put a frame around all of the images but not check them. This is true even when setting CheckFilesBySelectAllButton property to false. I have followed the example you mention and am not sure what I have missed.
Alex Makhov  
#7 Posted : Thursday, May 17, 2007 9:04:14 PM(UTC)
Alex Makhov

Rank: Advanced Member

Groups:
Joined: 8/3/2003(UTC)
Posts: 998

Hello,

It is done such way so that malicious page could not use the following approach:

1. Create hidden Image Uploader;
2. Use GoToFolder method to navigate to specific folder;
3. Select all files in folder suing SelectAll method;
4. Upload files to server.

So way it was possible to steal arbitrary user files.

Edited by user Friday, February 22, 2008 3:36:34 PM(UTC)  | Reason: Not specified

Sincerely yours,
Alex Makhov

UserPostedImage Follow Aurigma on Twitter!
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.