Uploading in root folder

[Foggy]

I come across this while transfering some files to my mums computer.

if you hold shift when starting to get the default settings, then goto http://127.0.0.1/~upload the upload page will appear even though no upload settings for any accounts have been set.

And when you upload something even though it fails you still fully upload it which could really hurt someones download quota over the internet(meaning the server receiving the file/the client uploading it where their isp counts uploads).

Code: [Select]

5:51:00 PM 127.0.0.1:2003 Upload failed, Not allowed: ipfilter.dat
5:51:00 PM 127.0.0.1:2003 Uploading ipfilter.dat
5:51:00 PM 127.0.0.1:2003 Got 8509 bytes
5:51:02 PM 127.0.0.1:2003 Fully uploaded -  12.14 MB @ 6687 KB/s
There is quite a few bugs just generally uploading to the root folder i have found.

Sorry i havn't got much time to explain in real good detail so i hope you understand.

[maverick]

You came across something similar that was discussed and fixed about 7 months ago.
http://www.rejetto.com/forum/index.php?PHPSESSID=8a8352de8ccd3e2cc41e1876f6a95037&topic=3967.msg1019836#msg1019836
Maybe something got broken since then.

[Foggy]

Yes, it sounds a bit similar.

I was thinkin about ym first post and it was confusing(like usual) so heres the problem in lamens terms.

If i goto http://localhost/~upload I get to the upload page, No username/password requested. That was done with all default settings, most importantly there was no root folder selected in hfs. So why would the upload page appear anyway if there isnt a folder for the uploads to go to?

And the other thing i noticed is all though the upload is not allowed on the server I still upload the whole file before I find out that the server rejected it. Shouldnt the server just drop the connection when the upload starts instead of letting it complete?
The log shows this

Code: [Select]

5:51:00 PM 127.0.0.1:2003 Upload failed, Not allowed: ipfilter.dat
5:51:00 PM 127.0.0.1:2003 Uploading ipfilter.dat
5:51:00 PM 127.0.0.1:2003 Got 8509 bytes
5:51:02 PM 127.0.0.1:2003 Fully uploaded -  12.14 MB @ 6687 KB/s

[rejetto]

And the other thing i noticed is all though the upload is not allowed on the server I still upload the whole file before I find out that the server rejected it. Shouldnt the server just drop the connection when the upload starts instead of letting it complete?

that's how HTTP works, sorry. i already had this doubt myself.

[rejetto]

ok, this problem is due to the not-so-old feature, that let you access any section page of the template just by typing its ~name

it's not so serious, but i guess some may be confused by the result, so i will think of it

[Foggy]

And the other thing i noticed is all though the upload is not allowed on the server I still upload the whole file before I find out that the server rejected it. Shouldnt the server just drop the connection when the upload starts instead of letting it complete?

that's how HTTP works, sorry. i already had this doubt myself.

would this be possible to fix this problem.
when i hit the upload button on the page. An upload request is sent to hfs, which then returns an allow/deny to the client. If you embed an if statement in the code on the upload page to act on the message returned from hfs to either upload the file or redirect to the error page.

Code: [Select]

it could work something like this
[b]if[/b] response [b]=[/b] allow [b]then[/b]
upload the file [b]else[/b]
redirect to error page
I dont know much about coding and http so Im just seeing if you think its worth a try.

ok, this problem is due to the not-so-old feature, that let you access any section page of the template just by typing its ~name

it's not so serious, but i guess some may be confused by the result, so i will think of it

I dont think that it is a big deal...
I just had this thought while posting
when hfs is processing the request for the template section, it could check whether or not access should be granted to it, if access is not supposed to be granted maybe hfs could send the error section instead.

[KalleB]

I don't understand why HFS lets me access the http://127.0.0.1/~upload in the first place...

With http://127.0.0.1/REAL_FOLDER/~upload (and upload disabled) HFS gives the login screen, but no password is valid.
With http://127.0.0.1/VIRTUAL_FOLDER/~upload HFS gives 404.

...so why doesn't HFS give the 404 with the root folder...it's a kind of virtual folder isn't it?

[Foggy]

I don't understand why HFS lets me access the http://127.0.0.1/~upload in the first place...

With http://127.0.0.1/REAL_FOLDER/~upload (and upload disabled) HFS gives the login screen, but no password is valid.
With http://127.0.0.1/VIRTUAL_FOLDER/~upload HFS gives 404.

...so why doesn't HFS give the 404 with the root folder...it's a kind of virtual folder isn't it?

My point exactly. thats why i posted about it, it didnt make no sense to me. 

[rejetto]

would this be possible to fix this problem.

no, AFAIK.

when i hit the upload button on the page. An upload request is sent to hfs, which then returns an allow/deny to the client.

HTTP is able to allow/deny only after the upload is completed.

when hfs is processing the request for the template section, it could check whether or not access should be granted to it, if access is not supposed to be granted maybe hfs could send the error section instead.

sections are always accessible. i mean sections as simple text.
the ~upload (the way you know it) is not just a section, it is something more.
but never mind, i don't mean to make you understand this, it is confusing and must be changed. end of the story.

[rejetto]

fixed in next build

[Foggy]

but never mind, i don't mean to make you understand this, it is confusing and must be changed. end of the story.

Lol, Ok. I do get confused real easy