ExpressionEngine CMS

XSS Filtering is it different for superadmins vs other groups?

May 17, 2012 5:38pm

  • #1 / May 17, 2012 5:38pm

    PhilBrienesse

    187 posts

    Having an issue with member groups other than superadmins uploading a PDF file. Superadmin: no problem. Other group: the file uploads (I see the progress in Chrome) and then the upload dialogue just hangs and never completes. Normally I would just turn off XSS filtering, which seems to have issues with some PDFs, but that won't work in this site as there will be public uploads and as I understand it that is a risk to leave turned off.

    So the question is does EE handle XSS filtering differently for superadmins vs other groups or should I be looking at a member group setting? The group in question is permitted to upload to the directory.

    EE 2.4 Build: date 20120123

  • #2 / May 18, 2012 3:45pm

    Dan Decker

    7338 posts

    Hi PhilBrienesse,

    Hi Phil,

    Thanks for your question!

    Where are users uploading files? In a SafeCracker or in the Control Panel?

    Can you show me your template code if you are using SafeCracker?

    Cheers,


  • #3 / May 18, 2012 3:58pm

    PhilBrienesse

    187 posts

    Just in the regular control panel. It's using a Wygwam field, but it is set to use the native EE file manager for uploads, which is why I am posting here as opposed to their support forum.

  • #4 / May 19, 2012 1:18am

    PhilBrienesse

    187 posts

    Just updated to 2.5 as I noticed there was a note there about XSS filtering. Didn't make any difference. Also tried uploading via the file manager to rule out any issues with Wygwam, and the behaviour is the same. File progress gets to 100%, the dialog box goes blank and then it just hangs.

  • #5 / May 22, 2012 5:03pm

    Dan Decker

    7338 posts

    Hi Phil,

    Have you made sure that the Member Group has access to the File Manager in the Member Group preferences?

    I recall an issue where the member group needed access to the area in the Control Panel as well in order for files to upload successfully.

    Can you check that and get back with me?

    Cheers,

  • #6 / May 23, 2012 8:47pm

    PhilBrienesse

    187 posts

    Yes, they do have access to the file manager. Just to be clear, as there may be a bit of confusion here: this group has access to the control panel; it is the main editor group. The only reason I put in about the public postings was that I didn't want to turn off XSS filtering as the solution, so there wouldn't be any harm from the public posting end of things, but that is a different group altogether.

    Does SafeCracker apply XSS filtering regardless of the setting in the control panel? If so, perhaps I can turn off filtering to solve the issue, but I am concerned about any security issues.

    Phil

  • #7 / May 28, 2012 5:26pm

    PhilBrienesse

    187 posts

    Did this thread get lost?

  • #8 / May 30, 2012 5:26pm

    Dan Decker

    7338 posts

    Hi PhilBrienesse,

    Sorry for your delays!

    Did this thread get lost?

    Nope, but we are still recovering from the long weekend 😊

    Ok, I just need to make double sure we are on the same page here:
    Editor group - has permission via the Upload Destination preferences to use this location.

    Members-> Member Group: Editor Group: Edit Group: Control Panel Access->Can access CONTENT: File Manager - Yes

    Is that correct?

    If so, and you still have this issue, we would like to get a closer look.

    Cheers,

  • #9 / May 30, 2012 5:54pm

    PhilBrienesse

    187 posts

    Yes, that is correct. PM'ing you creds.

  • #10 / May 30, 2012 5:59pm

    PhilBrienesse

    187 posts

    Looks like your mailbox is full. I will try again in a bit.

  • #11 / Jun 01, 2012 2:36pm

    Shane Eckert

    7174 posts

    Hey PhilBrienesse,

    As a general rule, we keep our Private Messages disabled. Login creds would not be secure in a PM.

    It sounds like Dan wants to bring you into Private Support to get a closer look. He is busy today taking care of the FRUP today for Kyle.

    I will go ahead and get that ball rolling. Be on the lookout for an email from EllisLab.

    Cheers,

  • #12 / Jun 06, 2012 11:45am

    Dan Decker

    7338 posts

    Hi Phil,

    As I noted in the private email, I believe this has to do with the low file-size limit in PHP.

    Work with your host to increase that limit and I think you will be in good shape.

    Let us know if you need anything else!

    Cheers,

  • #13 / Jun 06, 2012 10:46pm

    PhilBrienesse

    187 posts

    Hey Dan,

    I can get the post_max increased, but thought I would point out that I can upload the PDF in question as a super admin using the file manager or Wygwam field; it is when I switch to the member group that the client uses that the file can't be uploaded. Because of this I would suggest it is not post_max related. The file is actually under the post_max limit. Can I suggest that you download the file I linked to you, change the name and then try and upload it while logged in as one of the Client Admin group users, either using the file manager or in Wygwam? I think you will find it doesn't work. Go back as a super admin and you will see you are able to upload it.

    Phil

  • #14 / Jun 12, 2012 11:02am

    Dan Decker

    7338 posts

    Hi Phil,

    I am happy to go back in for a look, but I assure you - I did use the file you linked to, which registered at 8.1MB, larger than the post_max_limit.

    I renamed that file and attempted to upload while logged in as a member of the group you say is having trouble and was unable to upload that file. However, I was able to upload a PDF of smaller size.

    I’ll follow up with you in Private email.

    Cheers,

  • #15 / Jun 12, 2012 1:19pm

    PhilBrienesse

    187 posts

    Ok, I am feeling very sheepish and a little stupid. I have no idea why a superadmin could upload the file but not the clientadmin. Perhaps it was just luck once and not the other time. Anyway, I upped the post_max and it was successful. Didn't think this should be an issue as I never had this issue with this host before, but apparently it's a new box and wasn't configured with higher levels.

    Sorry for taking up your time and thanks for the assistance.
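The failure mode the thread ends on (a request larger than PHP's post_max_size, default 8M, is discarded before any application code runs, so the file manager dialog simply goes blank) can be made visible server-side. The following is an added diagnostic example, not ExpressionEngine or Wygwam code; the function names are hypothetical and it assumes it runs early in the upload request before the application reads $_FILES.

```php
<?php
// Added example (not ExpressionEngine code): detect an upload that PHP
// silently dropped because the request body exceeded post_max_size, and
// report both limits so the administrator knows which php.ini value to raise.

// Convert a php.ini shorthand size such as "8M" or "2G" into bytes.
// post_max_size may be "0", which PHP treats as "no limit".
function ini_size_to_bytes(string $value): int {
    $value = trim($value);
    $number = (int) $value;
    if ($number === 0) {
        return PHP_INT_MAX;
    }
    switch (strtoupper(substr($value, -1))) {
        case 'G': return $number * 1024 * 1024 * 1024;
        case 'M': return $number * 1024 * 1024;
        case 'K': return $number * 1024;
        default:  return $number;
    }
}

// The effective ceiling for a single upload is the smaller of post_max_size
// (whole request body) and upload_max_filesize (one file part).
function effective_upload_limit(): int {
    $post = ini_size_to_bytes((string) ini_get('post_max_size'));
    $file = ini_size_to_bytes((string) ini_get('upload_max_filesize'));
    return min($post, $file);
}

// When the body is larger than post_max_size PHP discards the whole request:
// $_POST and $_FILES arrive empty and no UPLOAD_ERR_* code is ever set, which
// is why the thread saw the dialog go blank instead of an error message.
function upload_dropped_by_post_max_size(): bool {
    $length = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);
    return ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && empty($_POST) && empty($_FILES)
        && $length > ini_size_to_bytes((string) ini_get('post_max_size'));
}

if (upload_dropped_by_post_max_size()) {
    http_response_code(413); // Payload Too Large
    printf("Upload of %d bytes exceeds post_max_size=%s (effective limit %d bytes)\n",
        (int) $_SERVER['CONTENT_LENGTH'],
        ini_get('post_max_size'),
        effective_upload_limit());
    exit;
}
```

Because the check relies on the Content-Length header rather than the discarded body, it still fires when PHP has thrown the upload away; raising post_max_size and upload_max_filesize together is the fix, as the thread concluded.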
