[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[Benjamin Brupbacher (via Magnolia Forums)]

sorry... it has side effects:
moving the multiPart filter under the uriSecurity filter breaks the 
activation...

deactivating the whole filter does also breaks the activation, so there seems 
no perfect solution at the time.

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[Benjamin Brupbacher (via Magnolia Forums)]

hey guy… thx 4 the help…

today i also fixed the filter config on my servers... i checked the 
configuration on demo.magnolia-cms.com and i think some stuff has to be 
corrected in the filter config (please correct me when im wrong):
1. there is a "not = true" property missing under 
config:/server/filters/multipartRequest/bypasses
2. the filter config:/server/filters/multipartRequest should be placed under 
the config:/server/filters/uriSecurity filter node, without that its still 
possible to upload unauthenticated (i hope this has no side effects)

PS: i cant access https://jira.magnolia-cms.com/browse/MAGNOLIA-6830, are some 
issues confidential?

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[Benjamin Brupbacher (via Magnolia Forums)]

yeah youre right, hardening the security is definitely a good idea... but i 
think its a workaround and the problem itself would not be solved...
as soon as you have a public upload form, you have to enable the 
MultipartRequestFilter and the problem is here again...

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[Benjamin Brupbacher (via Magnolia Forums)]

i was able to upload files to https://demo.magnolia-cms.com which is 5.4.9… 

here a bit cleaned version of the poc above
[code]
 
[/code]

you can check if the file is in the demo instance with the groovy console:
[code]
myList = Path.getTempDirectory().listFiles()
myList.each{println it}
[/code]

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[Benjamin Brupbacher (via Magnolia Forums)]

::bump::

is this problem going to be addressed?

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] fileupload into magnolia-tmp-dir

[Benjamin Brupbacher (via Magnolia Forums)]

hi there

i was able to upload files into the magnolia-tmp-dir without any 
authentification. i stumbled upon it, when one of our magnolia websites had 
strange files in its tmp. there were some robot-requests that uploaded the 
stuff. here is the poc as a php-script.

guess it needs a cleaner, similar like in this issue:
https://jira.magnolia-cms.com/browse/MAGNOLIA-5763

[code]
 
[/code]

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] Bugfixes in Imaging-Moule 2.2.6

[Benjamin Brupbacher (via Magnolia Forums)]

Hello Dear Magnolia Team…

Are there plans for adding bugfixes to the old releases of the imaging-module, 
to be specific the version 2.2.6.
2.2.6 is the last version which is compatible to magnolia 4.5 (as far as i see 
it)

Will the version 2.2.6 be added to the Maven Repository?

I would definitely help with that and contribute to it…

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=16150a4c-3880-4535-92f5-39173332e70d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: dev-list-unsubscr...@magnolia-cms.com

[magnolia-dev] Setting User Properties in 4.5

[Benjamin Brupbacher (via Magnolia Forums)]

Hi there…

I have seen that from 4.5 on the method setPropery in 
info.magnolia.cms.security.User is deprecated and not supported anymore.
Now I use the method setProperty in info.magnolia.cms.security.MgnlUserManager.

This works fine, the JCRNode gets updated.
[b]My problem is, that the User-Object in the MgnlContext does not get updated, 
so when I change a Userproperty, i have to logout and login again.[/b]

It seems, that the User-Object is a private field in UserContextImpl, which 
cant be set.

Is there a possibility to initialise the User in the Context again or should I 
access directly to JCRNodes…

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=63b5988e-263d-4fb3-b7e3-88612a72f86b



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: dev-list-unsubscr...@magnolia-cms.com