Blue Presley
asked 10 years ago

As of DWQA 1.2.8, we are still unable to upload photos in our content (questions or answers).  How do we fix this?  I see you guys have upgraded as well, and the image link functionality here even no longer works.
Is there something I can do in the programming to bring this icon back and start inserting image links?

Thanks,
Blue

3 Answers
DominicStaff
answered 10 years ago

  Thanks for posting on our community. The function ” Insert Image” has conflict with WordPress 3.9 and directly relates to security of your site, so that we only grant for users who have enough permission ( such as admin) can upload the images.  You can go to http://imgur.com/  to upload your images then just copy/paste the image link to question/answer editor area. 

Blue Presley
replied 10 years ago

Hello, can you tell me more about the security issue? We have a test site where we’ve implemented the ability to upload images: http://bluepresley.com/tna. We did this by setting the DWQA programming to allow media, and then gave upload_files permissions to subscribers. Please feel free to create a quick test account to try it out. So far this is working well for us, but I have been concerned about the security as well. So, if you could elaborate more, please let me know what issues we may face.

DominicStaff
answered 10 years ago

 Hi Blue, Good job, my friend 🙂 You can customize to allow your subscribers to upload media, that’s awesome. However, please take note that in some case, anyone can add a file infected virus maybe, it will make your site broken whenever.

well wisher
answered 10 years ago

wow talk about security and let me explain how and what can be the cases suppose that you have not handled the security part in the upload feature and i am the hacker i could upload a backdoor on your site a shell now what does that mean?
It would mean that i  just uploaded my own control panel on your site ,so what you may say and my answer would be…
Now i can send spam mails using your domain name and mailing server,i can host a file a worm which would spread itself each time someone visits your site and in worst case if i dont like your site i would deface it.
No offense was jsut asking you to suppose all that so you better have done it properly
All the best thanks
 

well wisher
replied 10 years ago

make sure user is able to uplod file with .png .jpeg and .jpg formats only and if you can upload a file with.php or any other executable format my friend then sure there is going to be whole lot of problems

Blue Presley
replied 10 years ago

@well wisher Well, this is a big issue then. First, I don’t understand why WordPress doesn’t have the security in place to prevent “non media” files from being uploaded. How can I only permit png jpeg gif to be uploaded?

In this day and age, the ability to add images to a post is an absolute must. As a community all of us are looking to improve DWQA, so how do we overcome this issue to both provide security but also meet the community’s needs to have image uploads for their posts? You can see by my test website, http://bluepresley.com/tna that this is extremely important.

well wisher
replied 10 years ago

you need to include some code to check the extension of the file which is being uploaded you also need to set some size limit on the file like not more then 4mb etc you can do this by getting the image file name and breaking it down in parts after dot (.) and then match it with some predefined allowed image extension types if matches then let it get uploaded and stored in database else discard the request.
Hope this helps to have a basic idea of the logic
Thanks and all the best 🙂

well wisher
replied 10 years ago

I see you are using buddypress there are plugins available for image file management like rtmedia but integrating them with dwqa is another thing to manage

Powered by DW Question & Answer Pro