I'm was experiencing this issue as well, but I was able to learn some things that fixed my problem and may help others. For me, the "HTTP Error" appeared briefly, but the file(s) do upload correctly if I'm logged in as admin. Some file extensions would not upload correctly if I was not admin.
I'm using MultipleFileUploadField in a slightly unique way where we provide a bulk upload to a folder, but the files are not linked at all by a field on a DataObject.
display_errors is set to 1, dev mode enabled, UploadifyField::show_debug(); set.
I was receiving an email like so:
Error: Uncaught ValidationException: Validation error writing a File object: Extension is not allowed (valid: , ace, arc, arj, asf, au, avi, bmp, bz2, cab, cda, css, csv, dmg, doc, docx, flv, gif, gz, hqx, htm, html, ico, jar, jpeg, jpg, js, m4a, m4v, mid, midi, mkv, mov, mp3, mp4, mpa, mpeg, mpg, ogg, pages, pcx, pdf, pkg, png, pps, ppt, pptx, ra, ram, rm, rtf, sit, sitx, swf, tar, tgz, tif, tiff, txt, wav, wma, wmv, xhtml, xls, xlsx, xml, zip, zipx). Object not written.
At line 931 in /Enterprise_designkh/kh/sapphire/core/model/DataObject.php
I only receive this message for types which are not listed of course, but as I mentioned: if I was logged in as an admin they would still be uploaded. For example, I receive the HTTP Error notice when uploading an exe, but not when uploading a .zip.
However, Uploadify debug info shows:
It looks like the way to modify allowed extensions is a bit clunky: you have to set File::allowed_extensions and update the .htaccess file in the assets folder.
To add extensions to File::allowed_extensions I put the following into _config.php. You could use array_merge() or something if you wanted to add more than one and keep the code pretty.
File::$allowed_extensions = "exe";
Then you can either edit the .htaccess file in the assets folder—there are instructions in that file provided with SilverStripe—or you can just delete the /assets/.htaccess file, though that may not be a good security practice.
After making those changes my problems have gone away and everything works fine now.
As a final thought, could be nice if the extensions set on Uploadify were able to overwrite the File::allowed_extensions, but is it possible to dynamically overwrite the .htaccess file extensions list??