Upload error in 7.01.0009

I mentioned some serious error already in version 6 in the uploads. Wand law and behold the exact same bugs are in 7.
I create a form called form_SCRIPTCASE_SC_UPLOAD with a database field called FILENAME, thus a form_SCRIPTCASE_SC_UPLOAD.php is generated.
This form is a single record form.

This generated file then has the following code in the first lines:

<?php
//
   include_once('form_SCRIPTCASE_SC_UPLOAD_session.php');
   @session_start() ;
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_perfil']          = "conn_oracle";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_prod']       = "";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imagens']    = "";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imag_temp']  = "";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc']        = "";
//

further on on line 273 in my case the following code is generated this code basically says if the upload path is empty (which is always): since I can not set glo_nm_path_doc, it is created in the first lines with no setting possibility. So it is always pointing to the _lib/file/doc path

      //check doc
      if(empty($_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc']))
      {
              /*check doc*/$_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc'] = $str_path_apl_dir . "_lib/file/doc";
      }

Around line 285 we see this:

      $this->path_prod       = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_prod'];
      $this->path_imagens    = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imagens'];
      $this->path_imag_temp  = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imag_temp'];
      $this->path_doc        = $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc'];
      if (!isset($_SESSION['scriptcase']['str_lang']) || empty($_SESSION['scriptcase']['str_lang']))

So here $this->path_doc is set to what is determined on line 273, hence it is set to $str_path_apl_dir . “_lib/file/doc”

On line 451 the following code is generated.
Here the

      $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['path_doc'] = $this->path_doc; 
      $_SESSION['scriptcase']['nm_path_prod'] = $this->root . $this->path_prod . "/"; 
      $_SESSION['scriptcase']['nm_root_cep']  = $this->root; 
      $_SESSION['scriptcase']['nm_path_cep']  = $this->path_cep; 

Here $_SESSION[‘sc_session’][$this->sc_page][‘form_SCRIPTCASE_SC_UPLOAD’][‘path_doc’] is also pointing to $str_path_apl_dir . “_lib/file/doc”

Then on line 549 is my OnApplicationInit:

      if (isset($_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['initialize']) && $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['initialize'])  
      { 
          $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['contr_erro'] = 'on';
 echo "OnApplicationInit";
$_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['contr_erro'] = 'off'; 
          $_SESSION['sc_session'][$this->sc_page]['form_SCRIPTCASE_SC_UPLOAD']['initialize'] = false;
      } 

So basically $_SESSION[‘sc_session’][$this->sc_page][‘form_SCRIPTCASE_SC_UPLOAD’][‘path_doc’] variable and $this->path_doc variable have already been set the _lib/… dir.
But I want it to point to MY dir, e.g. c:/documentstorage

In order to be able to do that properly all I can do is set:
$_SESSION[‘sc_session’][$this->sc_page][‘form_SCRIPTCASE_SC_UPLOAD’][‘path_doc’] and $this->path_doc in my OnApplicationInit code in order to have the file uploader work as I want it.
So for example I would want $_SESSION[‘scriptcase’][‘form_SCRIPTCASE_SC_UPLOAD’][‘glo_nm_path_doc’] = “c:/documentstorage”;
This still looks like a serious bug that was never fixed even tho I gave all the details already in version 6.

There are various ways to fix this on YOUR side:
Solution 1: introduce a way to set the variables in the first line, e.g. by setting it somewhere in the app constants and then initialising with it.
Solution 2: have the section of line 285 NOT occur before the OnApplicationInit place (line 549) so either move OnApplicationInit forward or that code around line 285 after the OnApplicationInit
Solution 3: introduce a path setting with the document file type that can override the settings and have it set in the beginning of the code when it is generated. So the first lines would become:

<?php
//
   include_once('form_SCRIPTCASE_SC_UPLOAD_session.php');
   @session_start() ;
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_perfil']          = "conn_oracle";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_prod']       = "";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imagens']    = "";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_imag_temp']  = "";
   $_SESSION['scriptcase']['form_SCRIPTCASE_SC_UPLOAD']['glo_nm_path_doc']        = "c:/documentstorage";
//

I have included the generated file so that you can easily see that I am right in this.
please fix this bug so that I can easily change a path when needed!!

We are paying enough money for this to have it fixed and I bet that I am not the only one that has this issue.

form_SCRIPTCASE_SC_UPLOAD.zip (15.6 KB)

Hello,

I will contact our bugs team regarding this issue.

regards,
Bernhard Bernsmann

Is there any progress on this??? I did report it already in V6.
I also gave more then enough details on how and where to fix it. I wish this part wasnt zend encoded otherwise I would have fixed it myself.

And now the next bug in the uploader.
The exact same form with multiple records as before.
With the fields NR (autonumber froma sequence),SUBFOLDER a subfolder where I want to save thus not visible in the table, FILENAME the filename, REMARK as some text, LASTUPDATE as a datetime field
FILENAME has subfolder called: [sc_upload_folder]
The following event where I want to block an upload that already exists, which generally doesnt occur.

OnBeforeInsert:
//check if the file already exists if so then dont upload
if (file_exists($_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder].{FILENAME})){
	sc_error_message('This one already exists:' . {FILENAME} . "
");
};

I also want to delete the file AFTER I deleted the record (before would be ok too that code is basically the same.

OnAfterDelete:
echo $_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder];
echo '<br>';
echo {FILENAME};
echo '<br>';
if (file_exists($_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder].{FILENAME})){
	unlink($_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc'].[sc_upload_folder].{FILENAME});
};

No I have my page before me and I do the following things:
Press the new button to create a new record
Upload a file
Confirm the upload with the little icon with an arrow up, I check the server directory and see the file is uploaded where I want it.
Then I want to delete the file without!! leaving the page
I get the following result from OnAfterDelete:
c:/storage/acc/mutform/109/
C:/UniServer/www/acc/hrm/mutformsc7/_lib/tmp/sc_6ffe6419_TestVersie.bmp
Hence my {FILENAME} is seriously screwed up!!! It should be: TestVersie.bmp
The file therefore doesnt get deleted, hence a bug.

If I use the following sequence:
Press the new button to create a new record
Upload a file
Confirm the upload with the little icon with an arrow up, I check the server directory and see the file is uploaded where I want it.
I leave the page via the button
Then I go back to the page
I get the following result from OnAfterDelete:
c:/storage/acc/mutform/109/
TestVersie.bmp
Now it is correct!!! It should be: TestVersie.bmp
The file therefore does get deleted.

For people that want to know how to store their files somewhere else due to the bug I mentioned in the first post you have to do the following:
Grab your php page in my case: grid_filestorage.php (so not any of the grid_filestorage_…php pages).
In the first couple of lines there is a line:

   $_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc']        = "";

change that to the path where you want to store your own data

   $_SESSION['scriptcase']['grid_filestorage']['glo_nm_path_doc']        = "c:/storage/";

This grid_filestorage is of course the name of my application.

Be aware tho that your webserver MUST HAVE the proper rights to reach that c:/storage for create,read,write
The advantage is that nobody can get with it via a smart http path guessing and hence your documents are properly protected. It would be really really stupid to store your documents in the $str_path_apl_dir . “_lib/file/doc” dir where anybody can download them. To block that you’d have to disable downloads on that dir by changing your .htaccess files (for example).;

So please get this fixed asap (like yesterday!!)

I forgot another stupid bug which is in the uploader field:
If I upload a file with a special character then it gets uploaded, for example ‘R&D_document.doc’
Yet when I want to download it, I get an error that it can not be downloaded, the cause is the & sign. So here you have the next bug to fix…
It goes well if there are no special characters. So I can choose to circumvent that bug by renaming the file and renaming the FILENAME in database record.
or I can yet again try to find where this blooper is made and fix the code.

It also looks that the clearing of the uploaded files in the temp dir also is working bad.

Hello rr,

I will contact our bugs team again regarding the issue.

thanks.

Hi Bartho,

As rr is a direct collegue I will follow this issue carefully. I find it unbelievable that this issue which I (we) have reported over and over again and which is one of the best documented bugs is still not solved and persists since version 6. This bug is over one year old! A real shame!

And yet there is another bug found.
If I upload a file ‘This is a file with spaces.txt’ then on download it is named ‘This+is+a+file+with+spaces.txt’
??? Odd… I am working on a seperate uploader now. There are basically too many bugs.
And I know the upload php script that is being used in scriptcase is already outdated as well…

I have my eyes now on Mini AJAX Upload Form combined with encode explorer which I can basically change to not allow subdirs.
All I then need is to get them connected with scriptcase in such a way that the paths are not directly accessible form the outside (check scriptcase session and so on).

[QUOTE=rr;19212]And yet there is another bug found.
If I upload a file ‘This is a file with spaces.txt’ then on download it is named ‘This+is+a+file+with+spaces.txt’
??? Odd… I am working on a seperate uploader now. There are basically too many bugs.
And I know the upload php script that is being used in scriptcase is already outdated as well…

I have my eyes now on Mini AJAX Upload Form combined with encode explorer which I can basically change to not allow subdirs.
All I then need is to get them connected with scriptcase in such a way that the paths are not directly accessible form the outside (check scriptcase session and so on).[/QUOTE]

Besides that fact that we are currently working on another upload solution doesn’t mean that this issue can get a low priority status at scriptcase now. I think that this issue needs to be addressed, solved and deployed A.S.A.P. This bug is over a year old now and needs to be fixed!!!

[QUOTE=aducom;19198]Hi Bartho,

As rr is a direct collegue I will follow this issue carefully. I find it unbelievable that this issue which I (we) have reported over and over again and which is one of the best documented bugs is still not solved and persists since version 6. This bug is over one year old! A real shame![/QUOTE]

Hello Albert,

I will address this issue with our bugs team.

Thanks!

There we go again, another set of bugs…
When I upload a file with an & in it then I can upload it properly but I can not download it. & gets replaced by ECom when I download it.
When I upload a file with a + in it then I can not upload it.
When I upload a file with a space in it then I can up and download it.
When I upload a file with a # in it then I can upload it but not download it, # gets replaced by JVel
When I upload a file with a % in it then I can not upload it.
When I upload a file with a ? in it then I can not upload it.
When I upload a file with a ? in it then I can not upload it.
etc…
I guess nobody there ever heard about url encoding??

Good Day,

After update 7.1.0010 I cannot upload any files using Mozilla, Firefox or Chrome. I have a project that I need to release to a client and was put on hold of this.

Any advice how to temporally fix this.

Hello Bartho,
You probably do not have the power at SC to do this on your own, but seems like it would be good public relations if SC would just maintain a public list of issues like this - with some sort of status. Such a list could simply link to one or more forum posts related - you could be the logical one to actually do that.

The list might be for paid users only - that way few people would have access if that makes SC more comfortable.

I know SC is closed source , and that is fine. You guys may be inclined to keep bugs and issues closed, but what is happening is that this forum (and other forms of communication we users use together) have postings like this anyway. And they are persistent… they never go away. It would be so much better for SC if you could post something like, logged this as issue #1234. When it was resolved, you could always go back and tag the forum with an issue #1234 is resolved in release xyz.

Don’t get me wrong, I REALLY REALLY like SC. It is great. But this is not indicative of long-term health for SC. We users want SC to be around for a long time and to be getting better and better. Seems like this is a logical request. I would be happy to communicate with you or your team or management further if that would be useful to get a tracking system in place. Hey, you could have a contest - to build the best issue tracker - open to all SC users - first prize is a free support package???

Bartho, please let me know your thoughts on this. Thanks,
Hope you all have a great day
Jamie

Uh oh, no upload on 7.1.0010? I’d better back up before I even try to update…
Have you tried the simplest of the simplest version (form with multiple records is what I use).
I have been digging really deep into the upload problems.
So for a temp fix I have this the following. Say for example you app is named grid_filestorage then once you generate the code you get a bundle of php files. You need then to check grid_filestorage.php
and grid_filestorage_apl.php. The grid_filestorage.php is the main file where the upload is handled.
If you run the upload and you do an upload you should get the OnBeforeInsert an OnafterInsert events. With your OnAfterInsert event you should already be able to see if your file has arrived.
Check out the pieces of code that handle path_doc, here you ought to do your main checks. Are you fully sure that the files dont just come at another place then where you think? Due to bugs in the uploader that is (ab)normally happening.

Thank you rr for the response.

I eventually bought support and lodge a ticket about this. They came back to say that they also could not upload files and that they already sent this through to the dev team.

I can just hope that this will be fix soon, otherwise I will loose my client and the last 6 months of work was for nothing.

Jacques

We have put this ticket to support and got as reply to fill the full path in the fieldproperty. Unbelievable. But we’re on top of it!

[QUOTE=onmountain;19293]Hello Bartho,
You probably do not have the power at SC to do this on your own, but seems like it would be good public relations if SC would just maintain a public list of issues like this - with some sort of status. Such a list could simply link to one or more forum posts related - you could be the logical one to actually do that.

The list might be for paid users only - that way few people would have access if that makes SC more comfortable.

I know SC is closed source , and that is fine. You guys may be inclined to keep bugs and issues closed, but what is happening is that this forum (and other forms of communication we users use together) have postings like this anyway. And they are persistent… they never go away. It would be so much better for SC if you could post something like, logged this as issue #1234. When it was resolved, you could always go back and tag the forum with an issue #1234 is resolved in release xyz.

Don’t get me wrong, I REALLY REALLY like SC. It is great. But this is not indicative of long-term health for SC. We users want SC to be around for a long time and to be getting better and better. Seems like this is a logical request. I would be happy to communicate with you or your team or management further if that would be useful to get a tracking system in place. Hey, you could have a contest - to build the best issue tracker - open to all SC users - first prize is a free support package???

Bartho, please let me know your thoughts on this. Thanks,
Hope you all have a great day
Jamie[/QUOTE]

Hello Jamie,

I do think this is a GREAT idea - leaving aside any difficulties there may be on creating this policy (And don’t think I’m saying this shouldn’t be done due to difficulties).

We have an internal bug tracker linking to forum posts / topics, tickets, and emails.

I will talk about your suggestion with our team.

Thanks,
Have a great day too!
Bernhard

Addition to the filename bug:
It appears that when files are uploaded that have characters >127 in it that they dont get properly encoded on the server side.
So I upload a file called 3d_scene?106.jpg and in my tmp this file occurs: sc_dd6ae2d3_3d_sceneë106.jpg even tho my form shows the name properly.
apparently the utf8-decode() function is not being used to save the file where it should (see also https://github.com/blueimp/jQuery-File-Upload/wiki/Setup where something similar occurs).

Another small error: when I have my deployment for advanced deployment in front of me, I see a help button… Clicking this button points to
https://myserver/scriptcase/devel/iface/download_doc.php
and gives:
ScriptCase could not find the necessary files to display the help topics. It is necessary to download the .zip file containing the ScriptCase manual and the extract its contents to the scriptcase/doc directory on your web server where ScriptCase is installed.

In order to download the documentation, access the download page.

Documentation Download