search

devsnd / cherrymusic

Stream your own music collection to all your devices! The easy to use free and open-source music streaming server.
http://www.fomori.org/cherrymusic
GNU General Public License v3.0
1.03k stars 187 forks source link

Upload Feature #533

Open systems-rebooter opened 9 years ago

systems-rebooter commented 9 years ago

Hey,

I know that cherrymusic is positioning itself as RO software which makes no harm to collection, but upload feature to different location will be still super-useful. What do you think?

systems-rebooter commented 9 years ago

I definitely love how super-fast @6arms1leg tagging issues after creation! Its like in seconds... +1

devsnd commented 9 years ago

I agree that it would be crazy awesome to be able to upload. My only concern is the amount of possible vulnerabilities to which CM would be opened up if users could upload arbitrary data... Anyway, I'd love to have the feature as well, but there is so much left to do (all kinds of bugs that scream for rewrites of parts of CM).

I'll leave this issue open, maybe someone else wants to implement this?

systems-rebooter commented 9 years ago

Hey @devsnd

I'm trying to make upload feature alive. Its long and hard way, since I'm a not programmer.. Thus, totally stucked with displaying drag'n'drop upload form in left frame (in same / new window its showing up ok, trough.. which is wrong, since it will mess musing playing / navigation).

screen shot 2015-05-03 at 12 14 02

What should I change and where to make this work, because right now I even simply can't display dummy <html> page in left frame.. The biggest achievement i was up to is duplication of showPlaylists() / displayMessageOfTheDay() / loadBrowser() functions, followed by clicked upload link

Thanks much!

systems-rebooter commented 9 years ago

Found a modal workaround. Didn't tune it yet, so it looks a bit messy on non high-resolution cellphones. But its better then nothing for now..

screen shot 2015-05-05 at 20 10 22

rajesh-battala commented 9 years ago

Is Upload files feature patch is available now?

systems-rebooter commented 9 years ago

I don't think so. Its not implemented because of security issues. To allow an end user to upload files to your website, is like opening another door for a malicious user to compromise your server (c)

I added this feature by my own with server side PHP validation.

Good reads on upload security:

https://www.acunetix.com/websitesecurity/upload-forms-threat/ http://stackoverflow.com/questions/256172/what-is-the-most-secure-method-for-uploading-a-file/18530956#18530956