[magnolia-dev] Re: fileupload into magnolia-tmp-dir
sorry... it has side effects: moving the multiPart filter under the uriSecurity filter breaks the activation... deactivating the whole filter does also breaks the activation, so there seems no perfect solution at the time. -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
hey guy… thx 4 the help… today i also fixed the filter config on my servers... i checked the configuration on demo.magnolia-cms.com and i think some stuff has to be corrected in the filter config (please correct me when im wrong): 1. there is a "not = true" property missing under config:/server/filters/multipartRequest/bypasses 2. the filter config:/server/filters/multipartRequest should be placed under the config:/server/filters/uriSecurity filter node, without that its still possible to upload unauthenticated (i hope this has no side effects) PS: i cant access https://jira.magnolia-cms.com/browse/MAGNOLIA-6830, are some issues confidential? -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
For the reference: https://jira.magnolia-cms.com/browse/MAGNOLIA-6830 -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
We will be disabling this filter on public by default. If you want to have a form in which you allow upload, you have 2 options, either re-enable the filter for page/uri in action of the form or handle it in form processor/model that is handling the form and process multipart yourself. Whether or not you choose to use the filter, you will always have issue w/ ensuring that you cleanup after you processed the data. -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
yeah youre right, hardening the security is definitely a good idea... but i think its a workaround and the problem itself would not be solved... as soon as you have a public upload form, you have to enable the MultipartRequestFilter and the problem is here again... -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
Hi Ben, all you have to do is configure bypasses to make MultipartRequestFilter available only in parts of public webpage where you require functionality, e.g. at minimum for /.magnolia and/or at pages where you want to allow people to upload files. Similarly as you should disable access to admin central on production public instances from all but internal IP addresses. HTH, Jan -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
Thanks a lot Benjamin for providing the infos. We will investigate the issue. -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
i was able to upload files to https://demo.magnolia-cms.com which is 5.4.9… here a bit cleaned version of the poc above [code] [/code] you can check if the file is in the demo instance with the groovy console: [code] myList = Path.getTempDirectory().listFiles() myList.each{println it} [/code] -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
Hello Benjamin Which version of Magnolia are you using? -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] Re: fileupload into magnolia-tmp-dir
::bump:: is this problem going to be addressed? -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=0c7666f1-0a4b-439b-8efb-dbe287fecd0d For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: