This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

File Manager 2.3.1 Upload Issue with Member Group

December 07, 2011 11:07am

  • #1 / Dec 07, 2011 11:07am

    Mediafluent

    15 posts

    This question may be related to a resolved thread.

    We’ve encountered a very strange error in the File Manager. Super Admins can upload all types of files into our /library/ and so can our Member Group “Editors.” However, our client (Editors) notified us that they were getting “The file could not be written to disk” errors on various pdf and doc files.

    At first, we could not duplicate it but then we found a pdf that gave us this error. This pdf file uploads fine in a Super Admin account but always gives a disk write error for the Editors member group. IN FACT, I just tried to Attach this pdf file to this post and got the same error on the EE Forums! (I can send it by email to you if needed)

    Any ideas why some files cause this error for this Member Group?

    Thanks,
    Jim

  • #2 / Dec 08, 2011 11:52am

    Kevin Smith

    4784 posts

    Hi Jim,

    The most likely cause of this error is that something about those PDFs is triggering EE’s XSS filter, so the upload is rejected for the sake of security. My recommendation here would be to add some config variables to your config.php file to make exemptions for member groups or specific members, like this:

    $config['xss_clean_member_exception'] = '3|14|83';

    Or…

    $config['xss_clean_member_group_exception'] = '2|5';

    That will allow you to give the right users the ability to upload PDFs without an issue!

    Do be aware, however, that you don’t want to completely disable XSS protection on your site. It’s a security precaution that does need to be in place, and exemptions should only be made for those users that you trust will not be uploading potentially dangerous files.

    Does this help?
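
Added example (not part of Kevin's post and not ExpressionEngine code): before exempting a member or group from XSS filtering as described above, it helps to see what in the rejected file looks script-like. This triage script reports byte offsets of such markers; the marker list and sample inputs are illustrative assumptions, not EE's actual filter rules.

```python
import re
import sys

# Assumption: illustrative markers that script-aware upload filters and
# PDF reviewers commonly look for. This is NOT ExpressionEngine's rule set.
MARKERS = {
    "html_script_tag": re.compile(rb"<\s*script", re.I),
    "javascript_uri": re.compile(rb"javascript\s*:", re.I),
    "html_event_handler": re.compile(rb"\bon(?:load|error|click)\s*=", re.I),
    "pdf_javascript_action": re.compile(rb"/(?:JavaScript|JS)\b"),
    "pdf_open_action": re.compile(rb"/OpenAction\b"),
}


def scan_bytes(data: bytes) -> dict:
    """Return {marker_name: [byte offsets]} for every marker present in data."""
    hits = {}
    for name, pattern in MARKERS.items():
        offsets = [m.start() for m in pattern.finditer(data)]
        if offsets:
            hits[name] = offsets
    return hits


def triage(data: bytes) -> str:
    """'clean' = no markers found; 'review' = inspect the file by hand first."""
    return "review" if scan_bytes(data) else "clean"


# Constructed sample inputs (not the PDF discussed in this thread).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_FLAGGED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /JavaScript /JS (placeholder) >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    # Usage: python triage_upload.py rejected.pdf [more files...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        print(f"{path}: {triage(data)}")
        for name, offsets in scan_bytes(data).items():
            print(f"  {name}: {len(offsets)} hit(s), first at byte {offsets[0]}")
```

A "review" result only means the file deserves a look before the uploader is exempted; compressed PDF streams are not decoded here, so a "clean" result is not proof of safety.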

  • #3 / Dec 12, 2011 9:51am

    Mediafluent

    15 posts

    Thanks. That solution works great!

    If EE team would like to have the troublesome pdf for testing, I can send it.

    Jim

  • #4 / Dec 12, 2011 5:31pm

    spcejunk

    27 posts

    This fix worked for me as well. Thanks!

    FWIW: Something like “You are trying to upload an unsafe file” might be a better error message.

  • #5 / Dec 13, 2011 7:38pm

    Sean C. Smith

    3818 posts

    spcejunk,

    Glad to see that Kevin was able to help you out.

    Sean
