Uploading files with Flash does not work
Even though $TYPO3_CONF_VARS['GFX'][BE][fileDenyPattern] is the default, i.e. "\.(php[3-6]?|phpsh|phtml)(\..*)?$|^\.htaccess$", only php-files are shown in the file selector when using the flash uploader.
Uploading the php files is not possible, due to the fileDenyPattern.
Typo3 4.4.4 doesn't have this bug.
(issue imported from #M17004)
Updated by Helmut Hummel about 11 years ago
Neither I understand the problem, nor can I reproduce it with TYPO3 4.4.6
Can you give us a little more details?
Which uploader are you using (flash or form)?
Did I understand it right, that you cannot upload .jpg or .gif files, but only .php files?
What does the reports module state on the fileDenyPattern topic?
Updated by Stefa No almost 11 years ago
I did recently upgrade from 4.3.1 to 4.4.6 and finally to 4.5.2.
Briefly, with 4.4.6 as with 4.5.2:
Any upload fails using "Flash Uploader (Flash 9+)" with FF and Chrome.
With IE I can upload all files except php/inc,
even if I didn't put these extensions in "fileDenyPattern"
neither in "fileExtensions>webspace>deny".
Date: Monday, April 11, 2011
SO: Win XP SP3
- Firefox 4.0 w/ Flash 10.1.85.3 => cannot upload any file type
- Chrome 10 w/ Flash 10.2.154.25 => cannot upload any file type
- Internet Explorer 7.0 w/ Flash 10.2.152.32 => cannot upload php/inc, can upload other types
(note: sorry, I will go a little off topic)
The test site uses this settings in localconf.php:
$TYPO3_CONF_VARS['BE']['fileExtensions']['webspace']['deny'] = 'php3,php4,php5,php6,phpsh';
in order to:
- deny "php3,php4,php5,php6,phpsh,phtml" extensions
- allow upload for ".php" and ".inc" files, and all other file formats (.txt, ...)
With flash uploader disabled from user preferences,
I can upload the ".inc" files (ok), but not the ".php" ones (bad).
Using flash uploader, I can't upload anything.
It seems that at least the standard uploader
uses only the 'fileDenyPattern' variable.
I was not using fileDenyPattern in localconf.php, so
the default value is used (see t3lib/config_default.php):
This expression will not match .inc, but it will match .php
So I changed it to (note the use of plus instead of the question,
to allow also .php extension):
$TYPO3_CONF_VARS['BE']['fileDenyPattern'] = '\.(php[3-6]+|phpsh)?$';
Now, always with Flash uploader disabled, I can upload the .php files too.
But with flash uploader enabled, even if I set:
$TYPO3_CONF_VARS['BE']['fileExtensions']['webspace']['allow'] = 'php';
$TYPO3_CONF_VARS['BE']['fileExtensions']['webspace']['deny'] = '';
$TYPO3_CONF_VARS['BE']['fileDenyPattern'] = '';
upload of php files fails ("Filetype not allowed for <filename>").
In the flash uploader upload window the default filter is set to '.php'
(it was 'all' before... maybe it is based on the 'allow' variable)
and I receive a warning in the backend main page that I can't remove.
Other tests with Flash uploader enabled (before adding the three lines):
1) the upload of .php/.inc files fails, showing:
"Filetype not allowed for <filename>"
so, the flash uploader can't read the settings?
2) the upload of other file types (i.e.: .txt) shows:
<<All of your uploads failed.
If this problem persists, please try another browser, contact your administrator or disable this "Flash Uploader" in your User Settings.
Detailed problem description:
An input/output error occured (Error #2038). This i.e. happens with servers using a self-signed SSL certificate, which is a limitation of your browser's Flash plugin.
the last line is shown only after some (three?) uploads.
But the site is configured with http protocol only (not https).
For the moment, I'm going to tell users to disable their flash uploader...
Another way to test the fileDenyPattern regexp (useful for standard uploader):
when I create a file (with 'new' in 'fileadmin'), I see this mask:
[*.txt, *.html, *.htm, *.css, *.tmpl, *.js, *.sql, *.xml, *.csv, *.php, *.inc]
it seems that it is obtained by subtracting the fileDenyPattern extensions
from ['SYS']['text_file_ext'], that on the test site is: