sure - please check them - maybe you have here or there a better idea.
I encoded the Filenames base64:
./buysell/uploadify.php
Find 4 Times
Replace with
Code: Select all
base64_encode($fileParts['filename'])
About the loss of the session in the same file:
Find and comment out:
Code: Select all
$user->session_begin();
$auth->acl($user->data);
//$user->setup('mods/classified');
$user->setup();
wel .. as I said - I don't know if the last edit brings a security risk. But the uploadify.php seems never been called by an other php file but only by the javascript in the classifieds_header_include.html. So I guess, that this is the reason why the session gets lost.
I don't know if this works, but maybe you/I should try to include the uploadify.php in the manage_ad.php and leave the session management in. I'll check this out an post the result later...
______________________
I have an other question. The "old" classifieds didn't have some kind of Image management (If I delete an AD the the images were not deleted). The new version is much better. If an ad is deleted - are the images and thumbs also deleted?
Maybe a file managment option in the ACP would be an nice idea.
Like:
- check if the files in the DB are really on the HD
- check if all files on the HD are in the DB aswell
- check for orphan files and DB entries (e.g. if a user uploads a file, but never sends the AD)
at the moment I use a self written script doing that for me ... there were over 7000 files "useless" on my HD
PS: the changes above don't affect a live version - on all AD's after that the filenames will be base64 encoded