
TOPIC: GSOC 2010: File Upload Question Type

GSOC 2010: File Upload Question Type 4 years 6 months ago #41860

  • texens
Hi,

I'm Amit Shanker (texens), a Senior Undergraduate student pursuing Bachelor of Technology in Computer Science and Engineering at Indian Institute of Technology Kharagpur (IIT Kgp).

Basically from central India, I've spent a good part of my teenage years in New Delhi and will be moving to the Indian silicon valley - Bangalore very soon.

This summer, I'll be working on the much demanded File upload Question type for Limesurvey 1, and the proposal document for the same can be found here. I'll be working under the mentorship of Carsten Schmitz. Marcel Minke will be the co-mentor for the project.
I'm very excited about this project and am looking forward to your comments and feedback on the proposal. Please feel free to post in any comments on the aforementioned link.

Looking forward to an awesomely awesome summer with Limesurvey \m/ \m/

Re:GSOC 2010: File Upload Question Type 4 years 6 months ago #41864

  • jelo
Hello Amit,

thanks for your post and for taking the time to contribute to LimeSurvey.
Keep my fingers crossed that you will still have some fun while coding ;-)

Since you asked for feedback and thoughts in this early stage:

Uploading a file is a nice feature for the good and bad guys.

Security is a process as you stated on your project page. And in the process more and more omnipotent php functions are disabled on public running php stacks. Via disable_functions in the php.ini you often find these routines disabled: exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source, phpinfo

Another security layer more and more used is Suhosin ( www.hardened-php.net/suhosin/index.html ).

When planning the upload and save part of the files it would be nice to try the least powerful functions in terms of abuse potential.

I would look at the upload routines of bugtrackers but more on the upload routines of galleries and discussion boards, which have a bigger installed base and are more likely to be attacked.

A simple way to secure the uploaded content from web access is to move it out of the webroot (a simple additional path in the config file would do the trick). A viewing routine would be more complicated because no direct URL access to the file would be possible. But since the focus is on the upload and not on exposing the file to many concurrent viewers (e.g. gallery) I don't see the additional payload of a viewing routine as a performance killer.

Just a few raw thoughts. Hope they make sense. If not, feel free to punish me with words ;-)

P.S.
What is in your opinion the best English-speaking website for news coverage about/from India?

Re:GSOC 2010: File Upload Question Type 4 years 6 months ago #41914

  • texens
Thanks jelo, for the quick feedback :)

Indeed, File system security is of utmost importance and one of the major challenges of this project.

Yet another factor is that we have to consider the fact that a lot of people use shared hosting services and hence they might not have access to a lot of things that usually dedicated servers have. Hence, moving the uploaded files outside the webroot might not be a possibility. We can make the directory inaccessible for any outsiders by setting the right properties in the .htaccess file though. I haven't dug into Suhosin yet, but a quick look gives the impression that it's a patch for PHP and hence may not be feasible, yet again due to the aforementioned reason.

While everyone (given he is eligible to participate in the survey) can upload, only admin/privileged users can browse/download the files. So, the focus is going to be on uploading the files, storing them in a temp folder unless the files are submitted, and then keeping them safe from any evil users after they are submitted. The real trouble comes when we execute third party tools on the server for editing the uploaded files. During this period, a malicious file could exploit security loopholes in the third party tool. Hence, this is one area where we're going to need a lot of brainstorming and feedback from everyone.

I'll be regularly updating the proposal with all the ideas that we come up with for the project.
Thanks again for the feedback :)
> What is in your opinion the best English-speaking website for news coverage about/from India?
I love to read the Times of India, but Hindustan Times is equally popular in India.
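
The storage approach discussed in jelo's and texens's posts above, as an added example (not LimeSurvey code and not written by either poster): a PHP upload handler that keeps files in a directory outside the webroot under server-chosen names, plus the "viewing routine" that streams them back. UPLOAD_DIR, ALLOWED_EXT and both function names are hypothetical, and the caller is assumed to have already checked that the viewer is an admin/privileged user.

```php
<?php
// Added example, not LimeSurvey code. UPLOAD_DIR and ALLOWED_EXT are assumptions.
const UPLOAD_DIR  = '/var/lib/survey-uploads';     // hypothetical path outside the webroot
const ALLOWED_EXT = ['pdf', 'png', 'jpg', 'txt'];  // types permitted by the survey admin

/** Store one entry of $_FILES; returns the metadata to save with the response. */
function store_upload(array $file): array
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('file type not permitted');
    }
    // Server-chosen name with no extension: the client's file name never reaches
    // the filesystem, so a stored file cannot be mapped to a script handler.
    $id = bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $id)) {
        throw new RuntimeException('could not store file');
    }
    // The original name is kept only as metadata (e.g. in the JSON string in the DB).
    return ['id' => $id, 'name' => basename($file['name']), 'size' => $file['size']];
}

/** Viewing routine: streams a stored file to an already-authorised user. */
function serve_upload(string $id, string $displayName): void
{
    // Accept only ids of the shape store_upload() generates; this blocks path traversal.
    if (!preg_match('/^[0-9a-f]{32}$/', $id)) {
        http_response_code(400);
        return;
    }
    $path = UPLOAD_DIR . '/' . $id;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $displayName);
    header('Content-Type: application/octet-stream');  // download, never render inline
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);  // no exec/system/popen needed, so disable_functions does not interfere
}
```

On shared hosting where the directory has to live under the webroot, the same two routines work unchanged if that directory carries an .htaccess that denies all direct requests (`Require all denied` on Apache 2.4).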

Re:GSOC 2010: File Upload Question Type 4 years 6 months ago #42011

  • Mazi
The proposal, which can be found in our wiki at docs.limesurvey.org/tiki-index.php?page=...Upload+Question+Type, includes the idea to add 3rd party hooks, e.g. to convert uploaded images into a certain format.

We are interested in user feedback on what kind of 3rd party hooks you are interested in!
Opinions?
Suggestions?

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org

Project Status and Weekly Progress Report 4 years 5 months ago #43452

  • texens
This week saw quite some coding and I am glad to inform you that the Simple Browser Uploader has been implemented and committed to the GSoC branch (limesurvey_dev).

With this implementation, we can do the following:

* A survey administrator can create surveys that have file upload question types, and activate them.
* A surveyee can upload one or many files in response to the File upload question type using the browser.
* The files uploaded by the surveyee are saved into the file system.
* The file meta-data such as title, comments, file name etc. are saved as a JSON string into the database.
* Create a map of the fields (fieldmap) that this question type has. This fieldmap will be used for implementing various functionalities such as data entry and response browsing.

This implementation still lacks the following:

* Form validation to allow surveyee to upload only those file types that have been permitted by the survey administrator.
* Form validation to restrict the number of files that can be uploaded by the surveyee.

We can say that more or less, the base for the file upload question type is all set. Now, we'll be using this base to implement all other functionalities such as statistics, data entry, response browsing, import export etc.

The target for the next iteration (May 24 - May 31) is the Advanced File uploader. The motivation behind this advanced file uploader is to give a fancy frontend to the file upload procedure, and also give feedback to the surveyee regarding the progress of the upload with features like progress bar, etc. It also adds a couple more features and the mockups and details for the same can be found on the FUQT proposal page: docs.limesurvey.org/tiki-index.php?page=...estion+Type#Uploader

Please feel free to drop back any comments on the mailing list or on the support forums. I am looking forward to feedback from the community on the aforementioned work :)

Design/CSS for Advanced File Uploader 4 years 5 months ago #43645

  • texens
Hello,

The front-end for the Advanced File Uploader has started taking some shape. As mentioned in my last weekly report, the back-end for the upload has already been completed. Also, a simple form has been created to upload the files.

This Advanced File uploader will serve the following purposes:

* Facility to preview the uploaded files
* Edit the file's meta-data after uploading the files
* If the surveyee feels that he doesn't want to submit a file after uploading it, he can delete that file from the gallery tab.

This Advanced File uploader has 3 tabs:

1. Upload from Computer
   * Contains the actual form that is used to upload the files
   * Since the files that will be uploaded will in most cases be documents and/or images, and won't be very big, the upload process won't be very long. And hence, I've thought of replacing the progress bar (as in the proposal) with a simple loading animation. We can easily switch to the "progress bar" thingy instead of the "loading" animation, but the upload will be so fast that one won't be able to see the progress bar actually 'progressing'. I'd really appreciate feedback on this topic from everyone.
2. Upload from URL
   * The surveyee can give the URL of a document on the web, instead of uploading it off his own hard drive
3. Uploaded files Gallery
   * Once the files have been uploaded, the surveyee can preview all the uploaded files for that particular question, edit the file's meta-data, or even delete them. It will also have a submit button from where he can submit all the uploaded files for that particular question.

While "1. Upload from Computer" has already been implemented, I'm working on the "2. Upload from URL" and "3. Uploaded files Gallery".

The File Upload question in the survey will have a simple upload button. On clicking this button, the Advanced File Uploader will come up in a shadowbox.

I'm maintaining a copy of this uploader at the following address: texens.5gigs.net/uploader/survey.php
Please click on the Upload link on the page, and you'll be able to see the shadowbox and its contents, along with the tabs on the top. (No, they don't look like tabs because we don't have the tab button images yet.)

We need to beautify this shadowbox, and I'd like to invite suggestions for designs from the Community for the same. I'm looking for the following things in particular:

1. tab button images for the menu
2. design of the "upload from computer" page and
3. design of the "gallery" page
4. "upload" button image on the "upload from computer" page
5. "submit" button on the "gallery" page.

We can discuss the designs here on the forum or you can reply to my email on the LimeSurvey mailing list on the aforementioned topic. You can also catch me on IRC (freenode #limesurvey) where I go by the nick texens.

Looking forward to your feedback,
Amit

Re:GSOC 2010: File Upload Question Type 4 years 5 months ago #43689

  • CarbonaCat
My two cents:
-> As you said, pictures will be uploaded pretty often. Will there be a way to limit the picture width/height, and/or a tool to resize/crop the picture?
-> KISS: Keep It Simple, Stupid. I think it's best if the surveyee can only upload a single file, review it and confirm it as well. If the uploader's UI is too complicated for him, the surveyee will be scared and will either ignore the question or stop the survey. I think it's a critical point...
- Also... When a surveyee is uploading a file, does he have to wait until it's done to be able to answer other questions?
- For the design: How will the file uploader integrate with the current template? Will it be customizable?

Also, some technical remarks, but you don't have to take them in account since this is only a prototype:
- On Chrome, it's empty, and on IE7 a javascript error. I assume you're making your devs with Firefox?
- There's some "document.getElementById" when I open the generated source code... Wouldn't it be best to use jQuery for this?
- Will it be gracefully degradable?

I'm looking forward to this dev :)

Kind regards,

Re:GSOC 2010: File Upload Question Type 4 years 5 months ago #43700

  • texens
CarbonaCat wrote:
> My two cents:
> -> As you said, pictures will be uploaded pretty often. Will there be a way to limit the picture width/height, and/or a tool to resize/crop the picture?

Yes, we will have hooks for third party tools to process the files post uploading. Resize/Crop is indeed a very basic requirement and will be inbuilt in the Advanced File Uploader. We'd like to invite suggestions on more such 3rd party tools that might be helpful for the surveyee as well as the survey administrator.

> -> KISS: Keep It Simple, Stupid. I think it's best if the surveyee can only upload a single file, review it and confirm it as well. If the uploader's UI is too complicated for him, the surveyee will be scared and will either ignore the question or stop the survey. I think it's a critical point...

Once the files have been uploaded, the surveyee will be redirected to the gallery page where he can review the file's metadata such as title, comments etc. In case of images etc, he can also preview the image, resize, or crop it. Once he's done with all this, he can press the submit button on this page; the shadowbox will close and the surveyee will be taken back to the survey page from where he entered the shadowbox.
I should have the complete Advanced Uploader in a couple days. We can give it a test run, and depending on the feedback from the community, we can modify the user interface if it seems to be too complicated to use.

> - Also... When a surveyee is uploading a file, does he have to wait until it's done to be able to answer other questions?

I opine that the surveyee should wait until the file(s) are uploaded.
Indeed, we can save surveyee's time if we allow her/him to take up other questions while the files are being uploaded. But, there might be a lot of scenarios where we'd like to wait for the surveyee to finish uploading his files.
Take, for example, while uploading, there can be issues such as file size restrictions, allowed file type restrictions, disk space issues and other errors. And the next question might be dependent on this file upload type question, or this file upload type question might be the last question of the survey. Hence, it's a tradeoff between the two. But, sure thing it's open for discussion and I'd like to know what others feel about this issue.

> - For the design: How will the file uploader integrate with the current template? Will it be customizable?

Yes, the file upload question type, like all other question types will indeed be customizable.

> Also, some technical remarks, but you don't have to take them in account since this is only a prototype:
> - On Chrome, it's empty, and on IE7 a javascript error. I assume you're making your devs with Firefox?

It's not working on Chrome due to CSS issues; we are yet to do the styling for the upload page. Once we have the CSS, the problems should get fixed without much effort. I haven't tried it on IE yet and will test it only after I'm done with the CSS. Yes, I'm using Firefox for all the development and testing for this project.

> - There's some "document.getElementById" when I open the generated source code... Wouldn't it be best to use jQuery for this?

I'm basically a server-side guy and this is my first client side code. I learned javascript and jQuery recently; 3 days back to be more precise ;-)
At first look it seems to be a nice idea to use jQuery library, but I'm not sure about the performance and compatibility issues of both of them. I'll dig into it and also discuss it at length with my mentor and colleagues at the dev meeting and accordingly finalize on this issue.

> I'm looking forward to this dev :)

Thanks a lot for your feedback and suggestions :) We should have this advanced file uploader up and running in a couple days. Once it's complete, I'll post it right here so that everyone can try it out and give me some feedback, especially on the usability and user interface. The aim is to make the entire upload procedure very smooth and flexible for the surveyee, but definitely it has to be easy as well, 'cause the last thing we want is to scare away our surveyee ;-)

Re:GSOC 2010: File Upload Question Type 4 years 5 months ago #43747

  • Mazi
> Also... When a surveyee is uploading a file, does he have to wait until it's done to be able to answer other questions?

We should wait for the upload process to be finished. In general, when writing the documentation we should add a note like "When allowing users to upload large files we recommend to add these file upload questions at the end."

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org

Re:GSOC 2010: File Upload Question Type 4 years 5 months ago #43757

  • texens
> - There's some "document.getElementById" when I open the generated source code... Wouldn't it be best to use jQuery for this?

LimeSurvey1 already ships with jQueryUI library and hence, we'll be using jQueryUI library for all the client side scripts including the tabs and hiding/showing animation during upload process. I'm replacing all raw javascripts with jQueryUI functions in the uploader.