I know that, but meanwhile there must be some php code modif I can do to correct that meanwhile. Only if you have time though. Cause that mod is really used by guildies to organize raids and runs.

Thanks

I noticed that the new UU (2.6.4) allows for UA to tell it to delete certain addons. How does one use this functionality in UA, or is it implemented in 0.7.6 yet?

Sorry if this is a total newbsauce question...

Jab

Jabouty wrote:I noticed that the new UU (2.6.4) allows for UA to tell it to delete certain addons. How does one use this functionality in UA, or is it implemented in 0.7.6 yet?

Sorry if this is a total newbsauce question...

Jab

This functionality is not in 0.7.6
It will be in UA 0.7.7

blacklisted extensions should be the following ones:

exe,com,jar,vbs,bat,cmd,js,scr,reg,vbe,eml,lnk,pif,wsh,xls,chm

What shall we do with cartographer that has 1 bat file?

fubu2k wrote:blacklisted extensions should be the following ones:

exe,com,jar,vbs,bat,cmd,js,scr,reg,vbe,eml,lnk,pif,wsh,xls,chm

this is what UU 2.6.4 uses:

Code: Select all

      public string[] fileBlacklist = {
                                 ".ade",
                                 ".adp",
                                 ".bas",
                                 ".bat",
                                 ".chm",
                                 ".cmd",
                                 ".com",
                                 ".cpl",
                                 ".crt",
                                 ".doc",
                                 ".eml",
                                 ".emf",
                                 ".exe",
                                 ".hlp",
                                 ".hta",
                                 ".inf",
                                 ".ins",
                                 ".isp",
                                 ".jar",
                                 ".js",
                                 ".jse",
                                 ".lnk",
                                 ".mdb",
                                 ".mde",
                                 ".msc",
                                 ".msi",
                                 ".msp",
                                 ".mst",
                                 ".pcd",
                                 ".pif",
                                 ".ppt",
                                 ".py",
                                 ".rar",
                                 ".reg",
                                 ".scr",
                                 ".sct",
                                 ".sh",
                                 ".shs",
                                 ".url",
                                 ".vbs",
                                 ".vbe",
                                 ".wsf",
                                 ".wsh",
                                 ".wsc",
                                 ".xsl"
                                   };

The list should *not* exist inside of UU at all.. unless somewhere in the settings the extensions can be changed (which they currently cannot)

This sudden desire to "secure" an inherently unsecure system .. it makes less than no sense really..

If i have control over the end user to the point where I can get him to install what I want, and visit a webpage, and download and install items.. the blacklist/whitelist debate here is nothing but a headache for both admins and end users.

Especially retarded in THAT list of files is that it includes .doc, .url, hlp, and bat files.. ALL of which are routinely included with addons.. especially the more complicated addons that users will have more trouble installing vs the simple drop in set it and forget it types that you seem to be focused on..

The blacklist ONLY needs to exist in one place (admin side) and not user side.. and thus should be removed from UU.. this is just gonna become a lovely fork "the working UU" and the "official" UU.

So lets drop the nonsense now and go back to what has worked for the last 2 years ..

gorgeth wrote:The list should *not* exist inside of UU at all.. unless somewhere in the settings the extensions can be changed (which they currently cannot)

exactly my thoughts...

exe, bat, scr, and jar have ALWAYS been blacklisted in UU for as long as I can remember

You have always had the option to compile and re-distribute UU for your own uses, I know this can be a pain...

The other solution is to have UA control what is in the zip file
The only surefire way to do this is to repack addons when they are processed.
This takes a hit on upload time since the addon (which already has to be unpacked) would have to be scanned, the repacked on the server
This would hurt the ability to install multiple WoWAce addons which is already timing out at around 6 (on my server)

UU has this list so that UA doesn't have to repack addon files
It may be conceivable to have UU download the current blacklist from the UA install it syncs with

to upload correctly somes Ace2 addons like bigwigs and furbar, i mus t add .2 and .1, and .0 extention allowed.

UniAdm seen to interpret directory like files

Code: Select all

define('UA_ALLOW_ADDON_FILES' , 'lua,toc,txt,tga,blp,ttf,xml,wav,mp3,nopatch,bak,2,1,0');




I don't really care if UA or UU checks the extensions... or both... but it must be configurable! One other soloution for UU is a Wildcard... in example for cartographer...

Edit: It would be nice to do this in UA (checkbox for a addon that should be on the wildlist)

inherintly insecure as these tools may be, we try to do as much as possible to lower the risk at all.

Discontinuing this approach to insecurety would be ignorance.

As far as it being a headache for people, were doing all we can to lower the intensity of said headaches. Such as the change in UU to simply not extract the files which are blacklisted AND not causing an endless update cycle for that particular addon.

I suggest UA do a similar thing - dont deny an addon edition because of a blacklisted file, but instead neglect the file's row in the file table.

Currently UA doesn't modify the zip file ever doing so would cause too much CPU utilization IMO

What UA does is not put the file information in the database so UU doesn't try to scan the file

How ever... it must be possible, to make cartographer available to UU! otherwise we have to compile our own UU... But that is a bad bad way... I'd really prefer the wildcard feature.

cartographer (and bigwigs) ARE functional and able to be distributed through UU even with the default filters. What is NOT distributed is the .bat file that transforms the addon into Load on Demand addons. No Biggie.

I've been distributing cartographer, oRA2 and BigWigs "as they come from WoWAce" through UU and UA without modification.

It is healthy that by default some extensions are excluded. What would be wishable is to "tick" which files are known safe (not extensions per se). I mean, the .bat file of Carto might be approved but not "just any other .bat". Since MD5s are generated for each file to check their changes, that could be workable. But overly complex.

IMHO it's OK the way it is, although it could be better.