Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Upgrading SilverStripe /

Ask questions about upgrading SilverStripe to the latest version.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Upload file fails in 2.2.4


Go to End


3 Posts   3428 Views

Avatar
keeny

Community Member, 48 Posts

20 April 2009 at 1:56pm

We recently upgraded all our 2.2 sites to 2.2.4 for security reasons.

As a result uploading a file through the cms now fails with the following error:

FATAL ERROR: Folder::addUploadToFolder() File is not a valid upload

All our sites on the same server that are 2.3.1 work fine. I tracked the problem down to line 216 in 'sapphire/filesystem/Folder.php' and commented out the following code:

		if(isset($tmpFile['tmp_name']) && !is_uploaded_file($tmpFile['tmp_name'])) {
			user_error("Folder::addUploadToFolder() File is not a valid upload", E_USER_ERROR);
			return false;
		}

Now the uploads work. BUT what is the consequence of commenting this out? This is a security release, so has this code been added for any security reason?

I'd really appreciate any thoughts on this.

Thanks,

Barry.

Avatar
Carbon Crayon

Community Member, 598 Posts

2 May 2009 at 12:30pm

Hi Keeny

I wasn't aware there was a 2.2.4...? I thought 2.2.3 was the last 2.2 release?

Anyway I have had this problem when trying to upload files larger than my PHP memory limit, do you get this behavior with small files too (<2MB)?

Avatar
keeny

Community Member, 48 Posts

2 May 2009 at 3:41pm

Hiya Aram,

2.2.4 is a security release - you should upgrade if you are running 2.2.x sites. http://www.silverstripe.org/security-releases/

Yes, we get this behaviour even with small files. Once the offending code is commented out, uploads work fine. But I don't know what the impact of that is!

Cheers,

Barry.