Attachment validation bug in 1.0.5 as well as RC2

Started by Nexus665, January 16, 2006, 03:50:19 PM


Nexus665

Hi Dev Team,
I looked through the submitted bugs but couldn't find any info about this one, don't know whether anyone else reported it already.

When you attach a file with a disallowed extension to a post and then post the message, you will get an error page stating that this file may not be uploaded. So far, so good, intended behaviour.
However, when you then click on the link below that does a JavaScript back, you are left with a non-working post form. As in, you cannot edit the text, when you click any of the submit buttons below they will not work, etc.
Spell checking or anything else will not make it work again. Basically, you have to refresh the page (and lose your edits along the way).
I've reproduced this on 1.0.5 and 1.1 RC2 (both on a clean install). I noticed 1.1 RC2 has the filename extension check turned off by default, is this why?

Sorry if this is just a repeat report, hope not.

I'm using Firefox 1.5, where it results in a broken page as described.
It works in IE 6.01 SP2.

auto394812

I looked as well and I just found a similar problem.

What I don't understand is why don't all attachments go through validation BEFORE they are inserted? This goes for both client-side and server-side validation. I've seen scripts on the web that allow for a check on extension for JavaScript (admittedly, I couldn't get it to work with a name like "attach[]", but if you guys could figure out a way to set it to get the value by ID and set the INPUT box to have a field like ID="attach1", then it could work... I think).

The reason no validation on the other files is a problem is in the case that a user uploads 3 files, 2 of which are fine, but the 3rd has the wrong file type. 2 files get uploaded and entries get stored in the database, but the message and topic are never set because the 3rd frelled it up.
Now, if a basic amount of validation goes on before they get uploaded, then everything works out fine. Right now you have 1 loop to go through validation and each time it tries to upload a file. The way I would recommend changing it is to just make it run as 2 loops. Once to do basic validation, then if it gets through that, try to upload; only if there is a problem with permissions or the directory can I see a reason why you should have an orphan entry in the attachment table.

I believe that this should be a function within the File maintenance area where it looks for and deletes attachments with the message id and member id equal to 0...
DELETE FROM {db_prefix}attachments
WHERE ID_MSG=0
   AND ID_MEMBER=0

auto394812

I don't have JavaScript enabled on my Firefox client so I can't test out the JavaScript (using the BACK button works fine, btw), but I spent a lot of time looking at how the code handles attachments recently. A lot of the information regarding uploaded files is stored in the $_SESSION variable. I almost see why they chose to do this, but it causes problems.

For instance, I try to upload 2 files. The first one is uploaded with no problem and gets inserted into the attachment table. If there is a second file that has a bad filename/extension, then the forum spits out an error message. If you quit from there and try to start a new file, you'll be surprised to see that your new message has a file already attached. Looks like a bug to me.

Again, I can't comment on how Firefox breaks b/c it hasn't happened to me, but I can take an educated guess that Firefox may freak out by not handling the session correctly.
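
The two-loop approach suggested in the thread (validate every attachment first, store only if the whole batch passes), as an added example that is not SMF's own code. The function names `validateBatch` and `storeBatch`, the `$store` callback, the allow-list and the size limit are all assumptions made for illustration.

```php
<?php
// Added example, not SMF code. All names, limits and sample data are constructed.

// Pass 1: check every file in the batch; touches neither disk nor database.
function validateBatch(array $files, array $allowed, int $maxBytes): array
{
    $errors = [];
    foreach ($files as $i => $f) {
        $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
        if ($f['error'] !== UPLOAD_ERR_OK) {
            $errors[$i] = 'upload error ' . $f['error'];
        } elseif (!in_array($ext, $allowed, true)) {
            $errors[$i] = "extension '$ext' not allowed";
        } elseif ($f['size'] > $maxBytes) {
            $errors[$i] = 'file too large';
        }
    }
    return $errors;
}

// Pass 2: runs only when pass 1 found nothing, so one rejected file cannot
// leave earlier files of the same post stored without a message (orphan rows).
function storeBatch(array $files, array $allowed, int $maxBytes, callable $store): array
{
    $errors = validateBatch($files, $allowed, $maxBytes);
    if ($errors) {
        return ['stored' => [], 'errors' => $errors];
    }
    $stored = [];
    foreach ($files as $f) {
        $stored[] = $store($f);   // hypothetical: move the file and insert its row
    }
    return ['stored' => $stored, 'errors' => []];
}

// Constructed batch in the shape of a per-file normalised upload array.
$batch = [
    ['name' => 'notes.txt', 'size' => 120,  'error' => UPLOAD_ERR_OK],
    ['name' => 'photo.PNG', 'size' => 4096, 'error' => UPLOAD_ERR_OK],
    ['name' => 'tool.exe',  'size' => 900,  'error' => UPLOAD_ERR_OK],
];
$rows  = [];   // stands in for the attachments table
$store = function (array $f) use (&$rows) { $rows[] = $f['name']; return $f['name']; };

$result = storeBatch($batch, ['txt', 'png', 'zip'], 100000, $store);
print_r($result['errors']);
echo count($rows), " rows written\n";
```

Because the third file fails pass 1, the storage callback is never invoked for the first two, which is the case both replies above describe.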
