Hi,
A client is having problems uploading PDFs to the server via a file field. They get the error message “The file could not be written to disk.”
I asked them to send me the PDF so I could test and I can upload to the server.
The client is in “Site Admin” member group and I’m in “Super Admin”.
If I disable Apply XSS filtering in the security & privacy section then the client can upload to the server. This is not Ideal.
Could someone please suggest what I need to do to fix this in ExpressionEngine 3.5.4
Thanks.
XSS filtering is a double edge sword, it is going to catch things that are valid sometimes - there is just no way to code around it. If this is just a one-off for you I’d do it manually and move along - if it’s a constant issue you may need to turn off XSS filtering for the backend.
If these are trusted users, you can whitelist them from XSS checks—either the member(s) individually, or an entire group, which sounds like it might be more appropriate in this case based on the group name. See the xss_clean_member_group_exception
config override.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.