Announcement

Wayne Luke · Mon 8 Jun '20, 1:03pm

Please implement a Enabled switch for various modules and widgets so we can disable a module/widget without having to delete it.

There are actually two ways to do what you want already.

Edit the module and set "Show module at these screen sizes:" so that no options are selected.
Set the viewing permissions to "Show to Specific Groups" and then select no usergroups.

The module will disappear from the screen and you'll be able to edit it in the future to bring it back.

For modules like forums, setting the display order to 0 hides a forum but anyone can still access it if they know the url.

Modules do not have a URL so this is not practical.

Enabled switch could be used in filter clauses internally to show/hide/render items. If we need to disable a specific group, we can just turn off the switch for it. If we need to disable a specific blog due to any reasons, we can flag it without having to tinker with permissions. Enabled switch gives us quick and precise control which is purpose-driven.

The problem with switches here, there, and everywhere is that they are difficult to maintain, support, and remember where you actually made the change to undo it. This creates more workload for everyone, including yourself. Modules already have group based permissions on who can view them. The content within modules, is based on the channel permissions assigned to the viewer. Remove the usergroup's "Can View Channel" permission and they won't see the content inside it.

uploading images could be controlled through a flag on sites where only hot linking is allowed). Small images with size limits may still be allowed for profile, group icons, etc but uploaded images inside postings could have legal/copyright issues resulting in take takedown notices and causing headaches. The switch would force users to hot link images from other sites and no uploading. Please see Invision Board where it is so easy to just paste image links and they get parsed and hot linked when uploads are disabled but icon uploads still work for profile pictures. It works perfectly in Invision.

You can force users to hotlink by removing their permissions to upload specific Attachment Types under Attachments -> Attachment Permissions. Viewing Invision Board and implementing it the same way they accomplish this is actually illegal. The very thing you're trying to prevent.

also, on Asian forums, more than 75% of the posts/comments will have images to express themselves which means millions of image uploads on a site that has millions of posts/comments. If we can just disable uploads, it would resolve this issue. Setting image size limit to 1 kb as a workaround - users can still upload images less than 1 kb (users will not be able to upload profile and group icons with this setting limit because vb reuses the same setting for more than one purpose - upload size limit which is also enforced on essential profile /group icons).

You can disable image upload and restrict the size of images that can be uploaded. This has been a feature of vBulletin since 1.0 There is an entire section of the AdminCP dedicated to managing attachments as well as what can and cannot be uploaded. Look for Attachments in the left hand navigation of the AdminCP. Click the Help icons for more information on each option in the different sub-sections.

webcms · Tue 9 Jun '20, 3:03pm

About legality of hot linking images from other sites, I’m not a lawyer but it may not be as serious as uploading copyrighted images by users to be hosted on our site. On Facebook, Instagram, Quora they have a fleet of staff to look into takedown notices but on a small site with just one person and receiving 200 takedown notices a day would be a nightmare and divert our focus from building a business.

At the most, we may be piggybacking on the image site owner’s bandwidth by hot linking. If the image site owner is concerned about hot linking, they would control it with htaccess or serving up a wrong image file as a notice. Google image search uses hot linking images from other sites and also does caching to host images on their own regional cloud servers to speed up searches without which it won’t be performant.

i tried earlier configuring Settings > Options by lowering image upload sizes but that affected profile icons and group icons uploads sizes too and had to increase the limit to 20 kb. This will still allow users to upload icon images up to 20 kb but does not disable image uploads.

I tried to hot link an image using the picture toolbar icon in the editor but the popup actually tried to upload the image file and gave a size limit error.

Will using Attachments section in admincp have similar issues?

Wayne Luke · Tue 9 Jun '20, 3:11pm

Will using Attachments section in admincp have similar issues?

Attachments are the very definition of files uploaded to your server. You don't want this. Remove the attachment permissions completely. Yes, this will affect group icons, logos, etc... They are attachments. You can allow yourself this permission, without allowing others to attach them. Every single Attachment type is controllable by usergroup under Attachment Permissions.

the only way to hot link images I found so far is by switching to editor html source and use [IMG] tags which users won’t be savvy enough to do so. Otherwise using the hyperlink toolbar icon just inserts a link with no image rendered in the posted content.

Really I think you have this overblown thinking in your head. How many take down orders have you received?

The problem is that you want to operate outside the norm. The majority of sites do not want this or have problems with people uploading their own images, memes, what have you. I don't know maybe your site's content encourages piracy and it will be a larger problem than I think it will be.

If you feel more needs to be added to the system, you're welcome to create a well worded Feature Request. Should it gain community support or fulfill a real security need, it can be added to the software in the future. Right, now, your best off just not allowing attachments at all.

webcms · Tue 9 Jun '20, 3:31pm

Vb is applying image size limits to essential profile/group icons and that is where I found the issue was. I guess having a separate size limit for essential icons instead of reusing the same size limit parameter would be ideal. I worked around it by setting the limit to 20 kb and it works for profile/group icons. When users try to upload images into comments, etc, they usually exceed 20 kb and stops them from uploading.

i actually deleted the last para from my previous post that you referenced as I found a checkbox on the image popup to “retrieve remote file and reference it locally” unchecking which would hot link the image file.

i was thinking of starting a new forum for Asian audience where more than 75% posts/comments would have images from users (it’s just the way they are - they just copy silly image links and paste into the editor on most comments to express themselves for humor, etc - no piracy intended) and ran into this hot linking issue. With over 75% comments having images, I thought of future implications of uploaded copyrighted files going out of control and becoming a nightmare. It’s a training issue to use the image popup (as opposed to pasting the link directly into the editor which does not parse) and uncheck the upload checkbox to hot link.

webcms · Tue 9 Jun '20, 3:44pm

i guess the simple solution is a change to uncheck the “retrieve remote file and reference it locally” checkbox by default on the image popup to hot link images as users don’t notice the checkbox or it’s purpose. If the user wants to upload image, they would check the box. Default behavior to hot link images is ideal because we can always reopen the popup and convert the hot linked file, set it to retrieve it from remote server and upload to our server to reference it locally if desired but the other way (uploaded file to hot linked file) is not possible unless we redo the hot linking all over again (we may have lost/misplaced the url to the hot linked file by now in the process). Users can decide which method has more legal implications - uploading random copyrighted images from other sites to our site or just hot linking them so they remain hosted on their original servers.

i’ll create a feature request for separate size limits for essential profile/group icons or bypass rules on them so these work independently.

webcms · Thu 11 Jun '20, 5:42pm

Hi Wayne,

I've updated my previous comment above.

I tried changing Attachment Permissions (/admincp/attachmentpermission.php) and setting Max File Size to 20480 bytes for PNG format for these user types -

Administrator
Registered Users
Users Awaiting Moderation
Users Awaiting Email Confirmation

However, I was able to upload PNG images as group icons that are more than 20 KB in size. It uploaded PNG files of 38 KB which was not expected.

Settings > Message Attachment Options > Limit Space Taken Up By Attachments (Total) => is set to 0 (unlimited space).

What else needs to be done to limit uploaded file sizes?

Thanks!

Wayne Luke · Thu 11 Jun '20, 6:16pm

The system will automatically resize all images to the allowed dimensions if it can do so. This has been a feature for a long time.

webcms · Thu 11 Jun '20, 6:29pm

The original image is 464x464 pixels and 38 KB.

After uploading it as group icon, I downloaded the image and verified - it is now 330x330 pixels and 24 KB in size.

No big deal for the extra 4 KB but wondering how it passed the 20 KB limit validation and if image uploads in comments, etc are going to exceed specified limits.

Announcement

Enabled switch for modules and widgets

Enabled switch for modules and widgets

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics