[ENH] Upload a zip file of assets and Oqtane to add them to the filemanager #4207
Comments
I am guessing any new folders created would inherit the security permissions of the folder where the ZIP file was uploaded? ZIP file uploads are famous for security vulnerabilities (i.e. https://security.snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-2385941) so this enhancement would need a lot of testing.
Picking the permission from the file manager sounds right; also, the extensions would need to be checked, which should help reduce the vulnerability.
The proposed enhancement involves extending the existing capabilities of Oqtane, a modular application framework for building web applications, by adding support for FTP file transfers and syncing assets with the database. This feature aims to streamline the process of migrating sites and frameworks by handling large amounts of assets more efficiently.
FTP Integration for Asset Management:
Zip File Upload and Extraction:
Functionality:
Synchronization with File Manager and Database:
Benefits:
By implementing this enhancement, Oqtane will offer a more robust and user-friendly asset management solution, greatly benefiting developers and site administrators involved in large-scale migrations or frequent asset updates.
@leigh-pointer I am investigating how the unzip feature could be integrated from a UI perspective. I believe that there are scenarios where you would want to retain a zip file in its compressed form, as well as scenarios where you would want it to be unzipped. So this basically means that the framework cannot make assumptions - it would need user input. So one option is that this feature could be integrated into the File Management UI in the Admin Dashboard... when you select Edit next to a file it opens the File Management modal and if the file is a ZIP file it could display an Unzip button: This would provide the user with the ability to unzip a ZIP file (and the backend would handle all of the path/filename/extension validation logic). However this means that this feature would only be available to administrators via the File Management UI - it would not be available via the FileManager component (which is embedded within modules). Would this satisfy the requirement? (note that I am ignoring the FTP enhancement outlined above, as this is a different enhancement unrelated to ZIP files and should be logged separately)
@sbwalker I love what you’re doing with the unzip feature! It’s clear you’re putting a lot of thought into how it can be integrated from a UI perspective, and I really appreciate that you’re considering the different scenarios where users might want to keep a ZIP file compressed or unzip it.
#4521 allows a zip file to be extracted - note that it currently does not support subfolders - it will extract all of the files into the same folder where the zip file is located. This eliminates the risk of directory traversal vulnerabilities and simplifies the implementation considerably.
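The flat extraction described in the comment above, combined with the extension check suggested earlier in the thread, as an added C# example. It is not Oqtane's code or the implementation in #4521; `FlatZipExtractor`, `Extract` and the `allowedExtensions` set are hypothetical names, and only `System.IO.Compression` from the .NET base library is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.IO.Compression;

// Added illustration, not Oqtane's implementation. FlatZipExtractor and the
// allowedExtensions set (lower-case, no dot, e.g. "png") are hypothetical.
public static class FlatZipExtractor
{
    // Extracts allowed files into the folder that holds the zip, discarding
    // any folder structure stored in the archive. Returns the paths written.
    public static List<string> Extract(string zipPath, ISet<string> allowedExtensions)
    {
        string targetDir = Path.GetDirectoryName(Path.GetFullPath(zipPath))
            ?? throw new ArgumentException("zip file has no parent folder", nameof(zipPath));
        string prefix = targetDir.EndsWith(Path.DirectorySeparatorChar) ? targetDir : targetDir + Path.DirectorySeparatorChar;
        var written = new List<string>();

        using ZipArchive archive = ZipFile.OpenRead(zipPath);
        foreach (ZipArchiveEntry entry in archive.Entries)
        {
            // Entry names come from whoever built the archive. Treat both separators
            // alike and keep only the last segment: "../../web.config" -> "web.config".
            string name = Path.GetFileName(entry.FullName.Replace('\\', '/'));
            if (string.IsNullOrWhiteSpace(name) || name == "." || name == "..")
                continue; // directory entry, or nothing usable as a file name

            // Apply the same extension rule an ordinary upload would face.
            string ext = Path.GetExtension(name).TrimStart('.').ToLowerInvariant();
            if (!allowedExtensions.Contains(ext))
                continue;

            // Defence in depth: the resolved path must still sit inside targetDir.
            string destination = Path.GetFullPath(Path.Combine(targetDir, name));
            if (!destination.StartsWith(prefix, StringComparison.Ordinal))
                continue;

            // Flattening makes "a/x.png" and "b/x.png" collide; keep the first and
            // never let an archive replace a file that is already in the folder.
            if (File.Exists(destination)) continue;

            entry.ExtractToFile(destination, overwrite: false);
            written.Add(destination);
        }
        return written;
    }
}
```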
Oqtane Info
Version - 5.1.1
Render Mode - Static
Interactivity - Server
Database - SQL Server
Describe the enhancement
Would be nice to be able to upload a zip file of assets and Oqtane to add them to the filemanager. The path inside the zip file would dictate the folder structure on the server.
Anything else?