subject:"\[magnolia\-dev\] Re\: fileupload into magnolia\-tmp\-dir"

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-11-15 Thread Benjamin Brupbacher (via Magnolia Forums)

sorry... it has side effects:
moving the multiPart filter under the uriSecurity filter breaks the 
activation...

deactivating the whole filter does also breaks the activation, so there seems 
no perfect solution at the time.

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-11-10 Thread Benjamin Brupbacher (via Magnolia Forums)

hey guy… thx 4 the help…

today i also fixed the filter config on my servers... i checked the 
configuration on demo.magnolia-cms.com and i think some stuff has to be 
corrected in the filter config (please correct me when im wrong):
1. there is a "not = true" property missing under 
config:/server/filters/multipartRequest/bypasses
2. the filter config:/server/filters/multipartRequest should be placed under 
the config:/server/filters/uriSecurity filter node, without that its still 
possible to upload unauthenticated (i hope this has no side effects)

PS: i cant access https://jira.magnolia-cms.com/browse/MAGNOLIA-6830, are some 
issues confidential?

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-24 Thread Jan Haderka (via Magnolia Forums)

For the reference: https://jira.magnolia-cms.com/browse/MAGNOLIA-6830

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-24 Thread Jan Haderka (via Magnolia Forums)

We will be disabling this filter on public by default. If you want to have a 
form in which you allow upload, you have 2 options, either re-enable the filter 
for page/uri in action of the form or handle it in form processor/model that is 
handling the form and process multipart yourself. Whether or not you choose to 
use the filter, you will always have issue w/ ensuring that you cleanup after 
you processed the data.

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-19 Thread Benjamin Brupbacher (via Magnolia Forums)

yeah youre right, hardening the security is definitely a good idea... but i 
think its a workaround and the problem itself would not be solved...
as soon as you have a public upload form, you have to enable the 
MultipartRequestFilter and the problem is here again...

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-19 Thread Jan Haderka (via Magnolia Forums)

Hi Ben,

all you have to do is configure bypasses to make MultipartRequestFilter 
available only in parts of public webpage where you require functionality, e.g. 
at minimum for /.magnolia and/or at pages where you want to allow people to 
upload files.
Similarly as you should disable access to admin central on production public 
instances from all but internal IP addresses.

HTH,
Jan

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-18 Thread Christoph Meier (via Magnolia Forums)

Thanks a lot Benjamin for providing the infos.

We will investigate the issue.

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-18 Thread Benjamin Brupbacher (via Magnolia Forums)

i was able to upload files to https://demo.magnolia-cms.com which is 5.4.9… 

here a bit cleaned version of the poc above
[code]
 
[/code]

you can check if the file is in the demo instance with the groovy console:
[code]
myList = Path.getTempDirectory().listFiles()
myList.each{println it}
[/code]

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-17 Thread Christoph Meier (via Magnolia Forums)

Hello Benjamin

Which version of Magnolia are you using?

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

2016-10-11 Thread Benjamin Brupbacher (via Magnolia Forums)

::bump::

is this problem going to be addressed?

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

[magnolia-dev] Re: fileupload into magnolia-tmp-dir

10 matches

Site Navigation

Mail list logo

Footer information