Thread

I’m using the safecracker_file upload in a safecracker form and I’m getting an error when I try to upload files.  When logged in as a super admin, the form works fine.  But when logged in as any other member group, I get this error:

Participant Uploads - The file could not be written to disk.

note:  for some reason if I upload a .jpg file or a .gif file the upload goes through fine, but when I try to upload .txt,.doc,.pdf I get the error.

I’m assuming this is a file permissions problem.  I’ve made sure to set the folder permissions to 777.  I’ve also set the group permissions for the other member groups to allow editing and uploading in this channel.  Does anyone know where else there may be permissions settings I am missing?  or maybe this isn’t a permissions setting problem at all?

Bisculptor,
In your file upload preferences do you have the “allow file types” set to “images only”? You get to your file preferences by going to the ‘Content” tap in your Control Panel, then click on “Files” then choose ‘File Upload Preferences’. Then click on the upload destination in which you are trying to upload the files (the edit pencil on the right hand side) and then view what “allow file types” are allowed. Hope this helps.

Thanks for the assist, Jose B.

bitsculptor, it might also have to do with XSS sanitizing being a bit too zealous. If it works with SuperAdmins and not regular users, that might be the case.

See: http://www.youtube.com/watch?v=LW_TBhQeSCI for information on how to turn it off.

Does that help?

@Jose B.

Thank you for the info.  I actually had already found this setting and had changed it to all file types.  Also at the bottom of that same page it has a section for which group should have access to upload files here. I had also set this value prior to posting.

@Sue

Thank you for the video link.  The answer you gave solved the problem.  I had a feeling it was a security issue.  However, I’m still not happy with the solution.  I want to have the ability to stop them from uploading .doc,.html,.php…etc.  I just want them to be able to upload .pdf.  That’s it.  Is there a way to edit the xss settings to allow only certain filetypes?  And if not, what’s the point of all the settings in ee that ask you whether you want to allow just images or any type of document.  If these settings are still nullified by the xss security setting, then why have them at all?  There’s got to be another reason why these settings won’t work.  Maybe the safecracker_file fieldtype uses the xss scripting and the file fieldtype does not?  So….if I were to use the regular file fieldtype I wouldn’t be having this problem?

Sorry for all the questions, I just want to understand the upload process a little more in-depth than the ee documentation gives.

bitsculptor,

Glad you got it sorted.

Currently we do not have the functionality that would allow you to specify what types of docs you can upload in EE. I do believe that .htaccess rules can be used to do this. I will bring this up with the EE Product Owner (scrum talk for the person in charge of functionality in EE) but that will not help you in the immediate future. And unfortunately I know of no add-ons that allow this either.