Clean out unused media items from Umbraco media folder
Wednesday, September 03, 2008 4:15:14 PM (GMT Standard Time, UTC+00:00)
When uploading some new media items for a client today we noticed that if you selected "Remove" before saving, it doesn't actually remove the file from the FileSystem. Having a quick look around the forums I saw there are a few posts already pointing this out so I thought I'd fix it.
This is a little application that simply checks the media items in the database and then compares it against a folder you select on your machine. If the file is in use according to the database then it's ignored otherwise it will remove it.
To use:
- Enter your server's login details
- Click "Test Connection"
- Select the relevant database from the drop down
- Check the "Media Folder Name" matches your Umbraco's installation
- Locate your Media Folder on your computer
- Click "Check Media Folder" -this will then list all the orphan files
- If it looks right, click "Delete" -with caution
- Job done
There are a few checks in place to avoid mishap but it's not 100% foolproof as I needed something rough and ready to sort a couple of installations out. If this is something that's seen as useful I'll extend it a touch, some ideas I've got already:
- Check that the selected media folder matches that of the database
- Check that the media id's are the same (to avoid wiping another installation)
- Save config settings for easy re-use
- Use webservices rather than a direct connection to the database
- Enable FTP useage
Please note: I accept no responsibility if anything was to go horribly wrong with this. I would backup your folder first just in case!
You can download the MediaFolderCleaner application here
How to: Convert Hexadecimal Strings
Tuesday, July 15, 2008 9:25:56 AM (GMT Standard Time, UTC+00:00)
As it's my Birthday today I thought I'd post a silly ditty. I'm currently altering Protx's old ASP.Net library to accommodate their changes in regards 3D Secure and while reflecting some of the code came across an enum with their number representations as Hexadecimal strings. I needed to convert these to decimals so thought I'd share a quick and easy way to do it.
Open up Window's Calculator (Windows Key + R then type in calc) under the View menu select "Scientific". Press the F5 key to switch over to Hex entry. Type in the value after the 0x and hit F6
Simple, easy and will help you convert all those Hexadecimal strings (ones that look like this: 0x01 or 0x1a).
Right, time for a coffee :)
UK Umbraco meet up
Friday, June 20, 2008 11:17:58 PM (GMT Standard Time, UTC+00:00)
In a previous post about CodeGarden 08, I asked people to get in touch if they'd be interested in a UK Umbraco meet up. I've had a fair few people get in touch so I think it's something worthwhile pursuing further. The nest stage from my POV is working out the location and potential content of the meet so I thought I'd open it up to the floor.
With the forthcoming DDD7, I thought it might be a ready-built platform that we could use but I agree with Phil that DDD7 may not be a suitable platform for a multitude of reasons.
As I've had people from the South West and Scotland voice an interest, I don't think it'll suit the majority of people to have it based in London so suggest it is based in the Midlands -probably Birmingham as it's easy to get to (M6 from the North, M4 from London, M5 from the South -or train!) and there are plenty of places to have the meet.
In regards the format/content of the meet, does anyone have any suggestions? We could follow Niels' and Per's open format or we can have a more structured theme? I've not had too much of a think as to subject matter but some I have come up with so far:
- An introduction to Umbraco and what it is (many of the people I've spoken to have only just started using Umbraco)
- Examples of Umbraco how Umbraco can be used
- More advanced Umbraco functionality (membership etc)
- Getting to grips with XSLT
- How to sell Umbraco to your clients
So that's where I've got to so far, does anyone have anything to add?
BTW the logo is just a working logo atm, need to have Niels approve it ;)
Update: I have posted a post on the Umbraco forums about a UK Umbraco meet here
Talk about a confusing error message
Wednesday, June 18, 2008 10:37:58 PM (GMT Standard Time, UTC+00:00)
I don't mind when I get told I've made a mistake -or there's a problem with the system but this error message kinda takes the P! Quite what the developers were thinking when they wrote this one I'm not sure!
What do I do? celebrate that it went through ok or commiserate because it failed?
The "Ok." relates to the transaction completing without an issue, the "Stop" actually says that it failed so it's not even "Part A was ok, but Part B failed". Really odd, someone needs to look into testing their system.
Looks pretty though!
CodeGarden 08 -been there, done that, got the t-shirt!
Tuesday, June 10, 2008 6:18:53 PM (GMT Standard Time, UTC+00:00)
So things have been manic here the past week, for those of you who didn't know, I popped over to Denmark at the last minute to attend Umbraco's CodeGarden 08. It was great fun and I have to thank Niels Hartvig and Per Ploug Hansen for putting on a great couple of days.
You can check out my photos from the event on Flickr (bear with me, I'm just getting started with Flickr).
I'm sure a fair few people have blogged about the highlights (if you're interested check www.umbraco.org) but the biggy was announcing the release of Umbraco v3.14.0 which is pretty exciting news as it has a ton of feature enhancements and UI improvements. Also, you'll be pleased to hear that they're making 2008 the year of Umbraco documentation!
Another interesting points from the conference was the pending release of Umbraco.TV which will feature tutorial videos and insights from the core team on how to use Umbraco and the Umbraco store which allows you to easily distribute the packages you make :) All in all some interesting developments.
There were also a fair few English developers at the conference so discussion inevitably turned to a UK meet (I know there are a fair few designers and developers here that couldn't justify the expense) so that's something that I'm going to look into setting up. If this is something you'd be interested in, leave a comment or drop me an email and we'll see how much interest there is.
To all the rest of you -it was great to meet you, you're all a lovely bunch and I look forward to meeting you again at CodeGarden 09!
The other thing I've finally clarified (this is for you Simon!) is the Umbraco licensing rules so if you're unsure on those, check out my post on when you need to purchase an Umbraco license (the answer is always -or never, it's up to you!).
When do I need to buy an Umbraco license?
Monday, June 09, 2008 5:16:00 PM (GMT Standard Time, UTC+00:00)
This may seem a slightly obvious/silly post but the answer is simple -it's just not *that* well documented/explained.
In a nutshell there are three scenarios you need to worry about:
- Using Umbraco in a non-commercial environment with the branding (logos etc) intact -no fee
- Using Umbraco in a commercial environment with the branding (logos etc) intact -no fee
- Using Umbraco in a commercial environment without the branding (logos etc) -fee
So there you have it. But to be fair, you should always pay for it if you're using it in a commercial environment just because it's a great product (and it's good for your karma!)
A seriously elegant SQL Injection -how it was sorted
Thursday, May 29, 2008 2:32:33 PM (GMT Standard Time, UTC+00:00)
Doug Setzer posted this comment in response to my recent "A seriously elegant SQL Injection" post and I thought it may be of interest to others so have promoted it to a post...
Well, I'll step up and say that I am the "mate" who had this done. Tim's right - *always* sanitize your inputs. In my defence, this was a site that I inherited from a previous contractor. I'm not entirely absent of blame, I still should have done a security sweep through the code.
I'd like to document the steps that I went through once this was identified to try and avoid this kind of thing in the future.
- Edit every web page that executes a query to sanitize any parameters that are passed in. Since the site was classic ASP, I used my "SQLStringFieldValue" function:
www.27seconds.com/kb/article_view.aspx?id=50 - Modify the DB user account that is used to have *read only* access to the database
- Modify the pages that DO write to the database to have *read/write* access to the specific tables that are being changed. This limits the number of places that SQL Injection can occur to a smaller set than was previously possible. I still sanitize all of my input, but I'm extra spastic in these database calls.
- Add database auditing (triggers writing to mirror tables with audit event indicator & date/time) to see when data changes occur. This is still problematic with the pages that have "write" permissions to the tables, but again- that footprint is much smaller.
My future plans are to move to a view/stored procedure based architecture. I can then limit write permissions to just the stored procedures and read permissions to just the views. My grand gusto plans are to move to using command objects & parameters, but I'd sooner re-write the entire site.
Although Doug's attack wasn't the same nihaorr1.com attack that's going around atm it was similar so I would imagine other's will find this useful.
It still amazes me how many developers still fail to sanitise strings, only last week I came across another site (in PHP) that was allowing simple SQL injections to be used to log into their administration system. It was down to a problem with the sanitization string, but why not at least check your site before it goes live? It takes 2 minutes and even less to fix...
For those of you who need a few pointers, there's a good discussion or two about sanitising strings on the 4 Guys From Rolla site.