View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0010753||mantisbt||feature||public||2009-07-22 09:35||2017-01-18 14:07|
|Summary||0010753: Autogenerate Upload Folders if not existing below default|
Due to the fact that MANTIS Admins or people allowed to create projects not always the same people allowed to administrate the webserver, it would be great to have subfolders below the default folder autogenerated.
Like f.e.: /BugTracker/ is the default and a project called Design is added, the user might want to have /BugTracker/Design/ as subfolder.
As of by now, the administrator would have to create the Design- Folder.
In terms the configuration to the default folder is made to allow the Webserveruser to modify directories as well as read/write, the Webserveruser could consequently create such folders.
I've done some changements to file_api.php & project_api.php. Since I am not that deep into PHP, my changement is more rudimentary and should be considered to be optimized (f.e. I didn't know how to overload the needed function :( ). Consequently see this as a proof of concept hack - which is working at least for us and for now ;)
See Additional Information for the changes
I added a second function behind as follows:
// Same as file_ensure_valid_upload_path but has a second parameter called $p_CreateIfNotExisting which is, if TRUE, simply mkdir the needed directory
In <b>project_api.php</b> I simply changed Line 273 to:
// file_ensure_valid_upload_path( $p_file_path );
|Tags||No tags attached.|
Maybe, if this is going into Mantis, an option to generally turn this on or off would be good :)
If this was going to happen it'd best be placed in the installation process (if applicable) and or as a separate administrator script in admin/create_upload_path.php or something along those lines.
Although I disagree with this patch on the basis that the web server user should not have write access one level up from the upload path. You can't mkdir without having write permission in the parent path (something we don't want to do).
Right, from a security perspective this isn't the greatest thing todo - but with direct user authentification instead of Mantis authentification, at least security could be improved since mkdir would work only within the user context.
If my PHP knowledge would have been better, I would have solved it this way.
Alternatively, a sub-path could be created by adding it to the DB and have an additional daemon, like with Email, creating this path on a schedule base. Therefore of course additional work in terms of handling etc. must be done ;o)
|2009-07-22 09:35||ischilling||New Issue|
|2009-07-22 09:37||ischilling||Note Added: 0022545|
|2009-07-23 21:40||dhx||Note Added: 0022550|
|2009-07-23 21:41||dhx||Note Edited: 0022550||View Revisions|
|2009-07-24 08:30||ischilling||Note Added: 0022551|
|2017-01-18 14:07||atrol||Severity||major => feature|