By bengtan on

I would like to try out fileshare.module, but the module page says that access is denied.

I suspect this is because of security advisory SA-2008-004.

In CVS, it seems that some sort of security related check-in has been committed (http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/fileshare/f...) after the advisory was announced.

Is there a chance we can get a review of fileshare.module so it might be unblocked so we can start using it again? Thanks.

(By the way, I have no idea where is the right place to post this request. Please re route this message as necessary.)

Comments

merrillie’s picture

merrillie commented

I use it for a repository of files and no one else has permission to upload so I hope that means it is still relatively safe.

The layout of the folders and files has been great I would really hate to start looking for another way to do this as easily as this one. Took me awhile to find this solution.

I also hoped to use this module for minutes of meetings on our Intranet when it moves into Drupal.

To those working on it , thank you and I hope you solve the issues.

ivo72’s picture

ivo72 commented

Hi,

I am about to create a 120 page Intranet and intend on using fileshare because its a great module which allows one to create sub folders and upload and edit without having to go into the edit view. It would be a shame to see this module disappear.

The client's main purpose is to use the intranet for attachments/documents. I have looked at other file/ upload modules but nothing really compares in terms of funcitonality and simplicity.

Does anyone know of a good substitute that allows subfolder creation or should I just continue to use fileshare.

Being an Intranet we're not really worried about the security issues, just more concerned with reliability esp when we start getting a lot of attahcments.

Also in private mode on an IIS server, when clicking on an attachment we get th error about failing to return and incomplete set of http headers? Is there a patch for this or should we just run apache?

Lastly, perhaps not a fiar question for the developer of this module as he/she hasnt resloved the issue yet, but if i continue to use fileshare now , would i be able to the upgraded version (if this occurs) without having to rebuild everything?

thanks very much,
Ivo
Perth, Australia

miagd’s picture

miagd commented

I've spent 2 days testing files systems (even 3rd party options) and the deeper I dig..... the more everything points to the fileshare.module.

Can anyone recommend a file system solution with these 2 pieces of functionality?
1. Create folders
2. Make those folders only visible by authenticated users/profiles (within a role)

EXAMPLE: Image 2 directories (labeled username1 and usernamer2). When Username2 logs in, she can only see the directory "username2" with all the directories and docs within that folder (and not the "username1" folder).

Thank you for any help or pointing me in the right direction.

- regards