Jump to:

1156 Posts in 2568 Topics by 408 members

Upgrading SilverStripe

SilverStripe Forums » Upgrading SilverStripe » Upload file fails in 2.2.4

Ask questions about upgrading SilverStripe to the latest version.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 2507 Views
  • keeny
    Avatar
    Community Member
    48 Posts

    Upload file fails in 2.2.4 Link to this post

    We recently upgraded all our 2.2 sites to 2.2.4 for security reasons.

    As a result uploading a file through the cms now fails with the following error:

    FATAL ERROR: Folder::addUploadToFolder() File is not a valid upload

    All our sites on the same server that are 2.3.1 work fine. I tracked the problem down to line 216 in 'sapphire/filesystem/Folder.php' and commented out the following code:

          if(isset($tmpFile['tmp_name']) && !is_uploaded_file($tmpFile['tmp_name'])) {
             user_error("Folder::addUploadToFolder() File is not a valid upload", E_USER_ERROR);
             return false;
          }

    Now the uploads work. BUT what is the consequence of commenting this out? This is a security release, so has this code been added for any security reason?

    I'd really appreciate any thoughts on this.

    Thanks,

    Barry.

  • Aram
    Avatar
    Community Member
    598 Posts

    Re: Upload file fails in 2.2.4 Link to this post

    Hi Keeny

    I wasn't aware there was a 2.2.4...? I thought 2.2.3 was the last 2.2 release?

    Anyway I have had this problem when trying to upload files larger than my PHP memory limit, do you get this behavior with small files too (<2MB)?

  • keeny
    Avatar
    Community Member
    48 Posts

    Re: Upload file fails in 2.2.4 Link to this post

    Hiya Aram,

    2.2.4 is a security release - you should upgrade if you are running 2.2.x sites. http://www.silverstripe.org/security-releases/

    Yes, we get this behaviour even with small files. Once the offending code is commented out, uploads work fine. But I don't know what the impact of that is!

    Cheers,

    Barry.

    2507 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.