CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

The filetype you are attempting to upload is not allowed.

JersJers
edited June 2017 in Bug Reports
Hi,

Since I updated my Fuel-CMS to 1.4 I get this error when I try to upload an asset.
Can you please point me in the right direction to fix this problem.
https://screencast.com/t/Md8GQdLnCdBz

Thanks,
Jeroen

Comments

  • adminadmin
    edited 6:53AM
    What's the file type you are trying to upload and is it and is that file type in the "editable_asset_filetypes" "assets" key parameter in MY_fuel.php? The default value (which is found in the fuel/modules/fuel/config/fuel.php file and overwritten by the contents in MY_fuel.php) is the following:
    $config['editable_asset_filetypes'] = array( 'images' => 'jpg|jpeg|jpe|gif|png|zip|svg', 'pdf' => 'pdf|zip', 'media' => 'mov|mp3|aiff|mpeg|zip', 'assets' => 'jpg|jpeg|jpe|png|gif|mov|mpeg|mp3|wav|aiff|pdf|css|zip|svg' );
    Also, the fuel/application/config/mimes.php may not have the correct mapping for the file you are uploading. I sometimes directly debug that in the CI Upload class looking at the file_type property.
  • JersJers
    edited 6:53AM
    I'm just trying to upload a regular .jpg

    I've pasted the snippet above in both MY_fuel.php and fuel/config/fuel.php.

    Still the same. How can I debug the CI Upload class.
  • JersJers
    edited 6:53AM
    According the CI Upload class the upload image is: image/jpeg
    and the allowed_types are: array(7) { [0]=> string(3) "jpg" [1]=> string(4) "jpeg" [2]=> string(3) "jpe" [3]=> string(3) "gif" [4]=> string(3) "png" [5]=> string(3) "zip" [6]=> string(3) "svg" }

    If I set the $ignore_mime to TRUE then the file will upload.

    Will this be a security risk?
  • adminadmin
    edited 6:53AM
    Are you able to get to what line the CI_Upload::is_allowed_filetype() method is returning false at (e.g. between 885 and 923 in latest release)?
  • edivaledival

    I just got this same thing with the latest version of Fuel. Once I changed /fuel/codeigniter/libraries/Upload.php line 883 to:
    public function is_allowed_filetype($ignore_mime = TRUE)
    It worked fine.

    It returns false at the last return which means no conditions turn it to true in that method.

  • PraveenPraveen

    @edival TQ. Now it's working fine
    In libraries/Upload.php below code is there
    public function is_allowed_filetype($ignore_mime = FALSE)
    Just I remove FALSE and changed TRUE
    public function is_allowed_filetype($ignore_mime = TRUE)

Sign In or Register to comment.