[magnolia-dev] Re: fileupload into magnolia-tmp-dir
sorry... it has side effects: moving the multiPart filter under the uriSecurity filter breaks the activation... deactivating the whole filter does also breaks the activation, so there seems no perfect solution at the time. -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
hey guy… thx 4 the help… today i also fixed the filter config on my servers... i checked the configuration on demo.magnolia-cms.com and i think some stuff has to be corrected in the filter config (please correct me when im wrong): 1. there is a "not = true" property missing under config:/server/filters/multipartRequest/bypasses 2. the filter config:/server/filters/multipartRequest should be placed under the config:/server/filters/uriSecurity filter node, without that its still possible to upload unauthenticated (i hope this has no side effects) PS: i cant access https://jira.magnolia-cms.com/browse/MAGNOLIA-6830, are some issues confidential? -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
yeah youre right, hardening the security is definitely a good idea... but i think its a workaround and the problem itself would not be solved... as soon as you have a public upload form, you have to enable the MultipartRequestFilter and the problem is here again... -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
i was able to upload files to https://demo.magnolia-cms.com which is 5.4.9… here a bit cleaned version of the poc above [code] [/code] you can check if the file is in the demo instance with the groovy console: [code] myList = Path.getTempDirectory().listFiles() myList.each{println it} [/code] -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
::bump:: is this problem going to be addressed? -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] fileupload into magnolia-tmp-dir
hi there i was able to upload files into the magnolia-tmp-dir without any authentification. i stumbled upon it, when one of our magnolia websites had strange files in its tmp. there were some robot-requests that uploaded the stuff. here is the poc as a php-script. guess it needs a cleaner, similar like in this issue: https://jira.magnolia-cms.com/browse/MAGNOLIA-5763 [code] [/code] -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Bugfixes in Imaging-Moule 2.2.6
Hello Dear Magnolia Team… Are there plans for adding bugfixes to the old releases of the imaging-module, to be specific the version 2.2.6. 2.2.6 is the last version which is compatible to magnolia 4.5 (as far as i see it) Will the version 2.2.6 be added to the Maven Repository? I would definitely help with that and contribute to it… -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=16150a4c-3880-4535-92f5-39173332e70d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: dev-list-unsubscr...@magnolia-cms.com
[magnolia-dev] Setting User Properties in 4.5
Hi there… I have seen that from 4.5 on the method setPropery in info.magnolia.cms.security.User is deprecated and not supported anymore. Now I use the method setProperty in info.magnolia.cms.security.MgnlUserManager. This works fine, the JCRNode gets updated. [b]My problem is, that the User-Object in the MgnlContext does not get updated, so when I change a Userproperty, i have to logout and login again.[/b] It seems, that the User-Object is a private field in UserContextImpl, which cant be set. Is there a possibility to initialise the User in the Context again or should I access directly to JCRNodes… -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=63b5988e-263d-4fb3-b7e3-88612a72f86b For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: dev-list-unsubscr...@magnolia-cms.com