Check out the LimeSurvey source code on GitHub!

Weird behaviour on upload files from respondents.

More
4 years 4 months ago - 4 years 4 months ago #86921 by blanka
When a respondent uploads a file, it ends in a weird location with a weird name.
I was suspecting a location like:
/upload/surveys/number/token/.....
With original file names.

But instead they end up here:
/tmp/upload/garbagelettersandnumberswithoutextension
The weird thing is, they have permission 600, and I cannot alter the permission. This means, they cannot be downloaded manually.

Questions:
How am I going to get the files out of the system?
Is it possible to store files with original names and subfolder structure?
How do I set permissions to 777 on these files (Cyberduck FTP does not allow it).
Is it possible to mod LimeSurvey that the group on uploaded files is not Apache, but say user. I think this is the main cause of the problems.
Last Edit: 4 years 4 months ago by blanka.

Please Log in to join the conversation.

More
4 years 3 months ago #87499 by blanka
Bump

Please Log in to join the conversation.

More
4 years 3 months ago #87518 by DenisChenu
Hello,

Name and "no direct donload" is here to preserve some security. You can donwload the file in the browse answer part.

Denis

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).

Please Log in to join the conversation.

More
4 years 3 months ago #87688 by blanka
I just can't download uploaded files through the result browser. Don't get it. So I try to mod the upload script. Should it be possible to download files with their original file names?

Updated some code in upload.php:
$prefixname = sRandomChars(3)."_";
    $sTempUploadDir = $tempdir.'/upload/';
    $filename = $prefixname.$_FILES['uploadfile']['name'];
    $randfileloc = $sTempUploadDir . $filename;

and changed this:
$return = array(
                        "success"       => true,
                        "size"          => $size,
                        "name"          => rawurlencode(basename($filename)),
                        "ext"           => $ext,
                        "filename"      => $filename, //$randfilename
                        "msg"           => $clang->gT("The file has been successfuly uploaded.")
                    );

Now the files are uploaded with readable names without the risk of duplicating through the 3 random character prefix.

Is it possible to get the token value into upload.php as prefix instead of these 3 random chars?

Is it possible to add a command to the upload script to set the permissions of the file different.

The change of filenames works with my adjustment above, but the files remain in the tmp dir, and are not moved to upload/survey/number/

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form