KCFinder - browse.php downloading rather than displaying page - php

I've integrated the latest version of KCFinder into CKEditor - whenever I click the 'Browse Server' button on the CKEditor toolbar it opens the KCFinder dialog box and downloads the 'browse.php' file rather than displaying the contents of a directory.
It is almost as if for some reason the PHP engine stops working temporarily - I've not modified any of the htaccess files.
I'm currently using the standard config.php within the kcfinder directory - would anyone know what may have caused this and how to fix it?
// kcfinder/config.php
$_CONFIG = array(
    'disabled' => true,
    'denyZipDownload' => false,
    'denyUpdateCheck' => false,
    'denyExtensionRename' => false,
    'theme' => "oxygen",
    'uploadURL' => "",
    'uploadDir' => "",
    'dirPerms' => 0755,
    'filePerms' => 0644,
    'access' => array(
        'files' => array(
            'upload' => true,
            'delete' => true,
            'copy' => true,
            'move' => true,
            'rename' => true
        ),
        'dirs' => array(
            'create' => true,
            'delete' => true,
            'rename' => true
        )
    ),
    'deniedExts' => "exe com msi bat php phps phtml php3 php4 cgi pl",
    'types' => array(
        // CKEditor & FCKEditor types
        'files' => "",
        'flash' => "swf",
        'images' => "*img",
        // TinyMCE types
        'file' => "",
        'media' => "swf flv avi mpg mpeg qt mov wmv asf rm",
        'image' => "*img",
    ),
    'filenameChangeChars' => array(/*
        ' ' => "_",
        ':' => "."
    */),
    'dirnameChangeChars' => array(/*
        ' ' => "_",
        ':' => "."
    */),
    'mime_magic' => "",
    'maxImageWidth' => 0,
    'maxImageHeight' => 0,
    'thumbWidth' => 100,
    'thumbHeight' => 100,
    'thumbsDir' => ".thumbs",
    'jpegQuality' => 90,
    'cookieDomain' => "",
    'cookiePath' => "",
    'cookiePrefix' => 'KCFINDER_',
    // THE FOLLOWING SETTINGS CANNOT BE OVERRIDED WITH SESSION CONFIGURATION
    '_check4htaccess' => true,
    //'_tinyMCEPath' => "/tiny_mce",
    '_sessionVar' => &$_SESSION['KCFINDER'],
    //'_sessionLifetime' => 30,
    //'_sessionDir' => "/full/directory/path",
    //'_sessionDomain' => ".mysite.com",
    //'_sessionPath' => "/my/path",
);
?>

I got the same problem and I found that the .htaccess file in the kcfinder dir was precisely what shut the PHP engine off. I removed the .htaccess file and then it worked. I do not understand why this shutting off was necessary. Security??
Well, I still have a problem pointing at the right directory, but now I see something!
One comment about the CONFIG array above: the attribute disabled has to be set to false, and it is often suggested that this be done through a SESSION variable (put
    $_SESSION['KCFINDER'] = array();
    $_SESSION['KCFINDER']['disabled'] = false;
after the session_start()), and not directly in the config file.

Related

Open FTP files in elFinder without giving details

I am using elFinder to manage my FTP files. But I want to open FTP files and folders without giving FTP details. I keep the elFinder files on the same FTP. Is it possible?
In connector.php:
$opts = array(
    // 'debug' => true,
    'roots' => array(
        array(
            'driver' => 'FTP',
            'path' => 'here i give path of folder',
            'accessControl' => 'access', // disable and hide dot starting files (OPTIONAL)
            'tmpPath' => '../files/ftp',
            'defaults' => array('read' => true, 'write' => true),
            'disabled' => array('rename', 'rm', 'copy', 'cut', 'paste')
        )
    )
);
But when I used this, I get this error:
Invalid backend configuration. Readable volumes not available.
I found the solution for this. To open files we don't need to use the FTP option in driver; just use localFileSystem and give the path of the files according to the server.
$opts = array(
    // 'debug' => true,
    'roots' => array(
        array(
            'driver' => 'localFileSystem',
            'path' => 'path of the folder that you want to browse',
            'accessControl' => 'access',
            'defaults' => array('read' => true, 'write' => true),
            'disabled' => array('rename', 'rm', 'copy', 'cut', 'paste')
        )
    )
);

Too many redirects in simplesamlphp

When I add a new app to access SAML, I am facing this issue.
SSOService.php:1 GET https://saml.testing.net/www/saml2/idp/SSOService.php?spentityid=newapp&cookieTime=1459920375
net::ERR_TOO_MANY_REDIRECTS
Locally I don't face any issue, but when I copy the code to the staging servers, it shows ERR_TOO_MANY_REDIRECTS errors, keeps redirecting, and is not able to display the SAML login page. The staging servers are behind load balancers; would this cause the error?
Thanks.
Update:
$config = array(
    'baseurlpath' => 'https://saml.testing.net/',
    'certdir' => '/etc/test/sslcerts/',
    'tempdir' => '/tmp',
    'datadir' => 'data/',
    'auth.adminpassword' => '1234567',
    'admin.protectindexpage' => TRUE,
    'admin.protectmetadata' => TRUE,
    'secretsalt' => 'xxxxxxxxx',
    'timezone' => NULL,
    // logging related options
    'loggingdir' => '/var/log/simplesamlphp/',
    'logging.level' => LOG_WARNING,
    'logging.logfile' => 'simplesaml_' .date("Ymd") . '.log',
    'debug' => true,
    'showerrors' => true,
    'logging.handler' => 'file',
    'logging.facility' => LOG_USER,
    'logging.processname' => 'simplesaml',
    'debug.validatexml' => FALSE,
    'enable.saml20-idp' => TRUE,
    'enable.shib13-idp' => FALSE,
    'enable.adfs-idp' => FALSE,
    'enable.wsfed-sp' => FALSE,
    'enable.authmemcookie' => TRUE,
    'session.duration' => 2*(60*60),
    'session.requestcache' => 4*(60*60),
    'session.cookie.lifetime' => 0,
    'session.cookie.path' => '/',
    'session.phpsession.cookiename' => 'SimpleSAMLSessionID',
    'session.cookie.name' => 'SimpleSAMLSessionID',
    'session.cookie.domain' => NULL,
    'session.cookie.secure' => FALSE,
    'session.cookie.lifetime' => 0,
    'session.datastore.timeout' => 4*(60*60),
    'session.state.timeout' => (60*60),
    'session.phpsession.savepath' => NULL,
    'session.phpsession.httponly' => FALSE,
    'session.disable_fallback' => FALSE,
    'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',
    'session.rememberme.enable' => FALSE,
    'session.rememberme.checked' => FALSE,
    'session.rememberme.lifetime' => 1209600, // 14 days
    'enable.http_post' => FALSE,
    'language.available' => array('en'),
    'language.default' => 'en',
    'attributes.extradictionary' => NULL,
    'theme.use' => 'oldtheme:abcdef',
    'attributes.extradictionary' => NULL,
    'default-wsfed-idp' => 'urn:federation:pingfederate:localhost',
    'idpdisco.enableremember' => TRUE,
    'idpdisco.rememberchecked' => TRUE,
    'idpdisco.validate' => TRUE,
    'idpdisco.extDiscoveryStorage' => NULL,
    'idpdisco.layout' => 'dropdown',
    'shib13.signresponse' => TRUE,
    'authproc.idp' => array(
        10 => "frogauth:LogHandler",
        30 => 'core:LanguageAdaptor',
        45 => array('class' => 'core:StatisticsWithAttribute', 'attributename' => 'realm', 'type' => 'saml20-idp-SSO'),
        50 => 'core:AttributeLimit',
        99 => 'core:LanguageAdaptor',
        100 => "newauth:ToLogin",
        101 => "newauth:VerifyLogin",
        99 => 'core:LanguageAdaptor',
    ),
    'authproc.sp' => array(
        99 => 'core:LanguageAdaptor',
    ),
    'metadata.sources' => array(
        array('type' => 'flatfile'),
    ),
    'store.type' => 'memcache',
    'memcache_store.servers' => array(
        array(
            array('hostname' => '10.11.11.11'),
        ),
    ),
    'memcache_store.expires' => 36 * (60*60),
    'metadata.sign.enable' => FALSE,
    'metadata.sign.privatekey' => NULL,
    'metadata.sign.privatekey_pass' => NULL,
    'metadata.sign.certificate' => NULL,
    'proxy' => null,
    'xframe_options'=> array( 'enable' => TRUE, 'trusted_sites' => array()),
    'session.duration' => 2*(60*60),
    'theme.use' => "newtheme:multitheme",
);
saml20-sp-remote.php
$metadata['newapp'] = array(
    'AssertionConsumerService' => 'https://www.newapp.com/mobile/saml',
    'SingleLogoutService' => 'https://www.newapp.com/mobile/logout',
    'Theme' => 'mobile',
);
In my case the SameSite=None cookie attribute was the culprit. SameSite=None cookies must be used along with the secure attribute!
Solution:
'session.cookie.secure' => true // config.php
If your service is running behind a reverse proxy and is not running over https you additionally need to define the URL schema:
'baseurlpath' => 'https://my.url.com/<path_to_simple_saml>' // indicating the https schema (config.php)
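The SameSite=None / Secure pairing named in this answer can be checked directly on the response headers. The following is an added example, not part of the original answers and not SimpleSAMLphp code: it parses constructed Set-Cookie header values and returns the cookies that set SameSite=None without Secure. The function names are hypothetical; the cookie names come from the config posted in the question.

```php
<?php
// Added example; not SimpleSAMLphp code. Function names are hypothetical.

// Split one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    $pair  = explode('=', (string) array_shift($parts), 2);
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        // Flag attributes (Secure, HttpOnly) carry no value; store true.
        $attrs[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : true;
    }
    return ['name' => trim($pair[0]), 'attrs' => $attrs];
}

// Return the names of cookies that set SameSite=None without Secure.
function sameSiteNoneWithoutSecure(array $headers): array
{
    $bad = [];
    foreach ($headers as $header) {
        $cookie   = parseSetCookie($header);
        $sameSite = $cookie['attrs']['samesite'] ?? '';
        if (is_string($sameSite) && strtolower($sameSite) === 'none'
            && !isset($cookie['attrs']['secure'])) {
            $bad[] = $cookie['name'];
        }
    }
    return $bad;
}

// Constructed sample header values, as a response might carry them.
$headers = [
    'SimpleSAMLSessionID=abc123; path=/; SameSite=None',
    'SimpleSAMLAuthToken=_def456; path=/; Secure; HttpOnly; SameSite=None',
];

print_r(sameSiteNoneWithoutSecure($headers));
```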
If it helps at all, whenever this occurs in our setup it is because something has gone wrong with the cookies.
The user is not being seen as logged in at the service because the cookies aren't set correctly. Therefore they are redirected to the idp at which point they are shown as logged in and redirected back to the service; and repeat.
Basically your service thinks they aren't logged in, saml thinks they are; and they both keep passing the buck!
I've just run into a similar redirect issue. SimpleSAMLPHP would load fine but when trying to login as an admin it would go into an infinite loop loading the loginuserpass.php and as_login.php pages (redirected initially from /module.php/core/login-admin.php?ReturnTo=XXX).
After a lot of debugging I found that the problem was actually Varnish caching which was stopping the session state from being loaded. This happened no matter what session storage was selected (phpsession, memcache or sql).
Disabling varnish caching on the SimpleSAMLPHP paths fixed the issue for me.
Hope this helps anyone else with this issue.
And here is still another possible solution to try (worked for me after searching for hours, and after correcting the 'session.phpsession.savepath'): Go into the Firefox developer tools (or the browser of your choice) and in the "web storage" remove all cookies.
Close the connection when the page content ends.
In my case the culprit was a git/merge error in the session.phpsession.savepath ... fixing it solved the redirect issue
'session.phpsession.savepath' => "/path/to"

Files uploaded onto web server does not contain actual file data

I am trying to create a simple Cakephp 2.5.1 app that accepts file upload. I am using the file uploader plugin provided in http://milesj.me/code/cakephp/uploader. I followed the instructions in the website and got it installed and it seems to work fine.
The code below is added to the model.php. There is a column 'picture' in the model table.
public $actsAs = array(
    'Uploader.Attachment' => array(
        // Do not copy all these settings, it's merely an example
        'picture' => array(
            'nameCallback' => '',
            'append' => '',
            'prepend' => '',
            'tempDir' => TMP,
            'uploadDir' => '',
            'transportDir' => '',
            'finalPath' => '',
            'dbColumn' => '',
            'metaColumns' => array(),
            'defaultPath' => '',
            'overwrite' => false,
            'stopSave' => true,
            'allowEmpty' => true,
            'transforms' => array(),
            'transformers' => array(),
            'transport' => array(),
            'transporters' => array(),
            'curl' => array()
        )
    )
);
In the associated ctp file, I have the following code;
<?php
echo $this->Form->create('Upload', array('type' => 'file'));
echo $this->Form->input('picture', array('type' => 'file'));
echo $this->Form->end('Submit');
?>
I managed to upload an image file SSSS.jpg to the webserver. However, the strange thing is that the uploaded image file is a tiny file which contains the HTTP POST information in text, not the actual image data. The file contents look something like this:
_method=POST&_method=POST&data%5BUpload%5D%5Bpicture%5D=SSSS.jpg
Can someone tell me what are the possible things that have gone wrong? Thank you.
EDIT: I just noticed in Chrome debugging that under the HTTP POST method, the file sent was of type text/html. Is this a problem? If yes, how do I change the type to image/jpg ?
Change the following line
echo $this->Form->input('picture', array('type' => 'file'));
To the following syntax
echo $this->Form->input('picture', array('type' => 'file/image'));
Sample Code:
echo $form->labelTag('File/image', 'Image');
echo $html->file('File/image');

KCFinder issue with PDF uploads

I am trying to use standalone KCFinder to upload PDF files and images. Just downloaded the zip from their website and started to build up the "system" and it works perfect with images. The problem is when I want to upload PDF files, I get an error: "Unknown image format/encoding".
NOTE: When I open my KCFinder standalone it is already on the folder "images" and not "upload". I know this can be the cause but I can't find out how to change this...
Here is my config.php:
$_CONFIG = array(
    // GENERAL SETTINGS
    'browse.php?lang'=>sv,
    'disabled' => false,
    'theme' => "oxygen",
    'uploadURL' => "upload",
    'uploadDir' => "",
    'types' => array(
        // (F)CKEditor types
        'files' => "",
        'flash' => "swf",
        'images' => "*img",
        'misc' => "pdf doc docx xls xlsx",
        // TinyMCE types
        'file' => "",
        'media' => "swf flv avi mpg mpeg qt mov wmv asf rm",
        'image' => "*img",
    ),
    // IMAGE SETTINGS
    'imageDriversPriority' => "imagick gmagick gd",
    'jpegQuality' => 90,
    'thumbsDir' => ".thumbs",
    'maxImageWidth' => 0,
    'maxImageHeight' => 0,
    'thumbWidth' => 100,
    'thumbHeight' => 100,
    'watermark' => "",
    // DISABLE / ENABLE SETTINGS
    'denyZipDownload' => false,
    'denyUpdateCheck' => false,
    'denyExtensionRename' => false,
    // PERMISSION SETTINGS
    'dirPerms' => 0755,
    'filePerms' => 0644,
    'access' => array(
        'files' => array(
            'upload' => true,
            'delete' => true,
            'copy' => true,
            'move' => true,
            'rename' => true
        ),
        'dirs' => array(
            'create' => true,
            'delete' => true,
            'rename' => true
        )
    ),
    'deniedExts' => "exe com msi bat php phps phtml php3 php4 cgi pl",
    // MISC SETTINGS
    'filenameChangeChars' => array(/*
        ' ' => "_",
        ':' => "."
    */),
    'dirnameChangeChars' => array(/*
        ' ' => "_",
        ':' => "."
    */),
    'mime_magic' => "",
    'cookieDomain' => "",
    'cookiePath' => "",
    'cookiePrefix' => 'KCFINDER_',
    // THE FOLLOWING SETTINGS CANNOT BE OVERRIDED WITH SESSION SETTINGS
    '_check4htaccess' => true,
    //'_tinyMCEPath' => "/tiny_mce",
    '_sessionVar' => &$_SESSION['KCFINDER'],
    //'_sessionLifetime' => 30,
    //'_sessionDir' => "/full/directory/path",
    //'_sessionDomain' => ".mysite.com",
    //'_sessionPath' => "/my/path",
);
Does anyone know what I am doing wrong?
Don't use Insert Image. If you want to upload a file (zip, pdf, etc.), you must use INSERT LINK rather than INSERT IMAGE.
But before that, you must edit the config.
'types' => array(
    // CKEditor & FCKEditor types
    'files' => "",
    'flash' => "swf",
    'images' => "*img",
    // TinyMCE types
    'file' => "doc pdf zip", // <<<======= HERE, because I am using TinyMCE
    'media' => "swf flv avi mpg mpeg qt mov wmv asf rm",
    'image' => "*img",
)
1. I download the ckeditor "Standard Package".
2. I download the add-ons "File Browser" and "Popup" from the add-ons part of ckeditor.com.
3. I set the config in "ckeditor/config.js":
config.extraPlugins = 'popup,filebrowser';

Not able to restrict other files from uploading in ElFinder

I am using this configuration for my Elfinder to use with CKEditor.
$opts = array(
    // 'debug' => true,
    'roots' => array(
        array(
            'driver' => 'LocalFileSystem', // driver for accessing file system (REQUIRED)
            'path' => '../../uploads/', // path to files (REQUIRED)
            'URL' => dirname($_SERVER['PHP_SELF']) . '/../../uploads/', // URL to files (REQUIRED)
            'accessControl' => 'access', // disable and hide dot starting files (OPTIONAL)
            'uploadAllow' => array('image/jpg', 'image/png'),
            'alias' => 'Home',
            'mimeDetect' => 'internal',
            'imgLib' => 'gd',
        ),
    ),
);
However, I am able to upload all the files even PHP files!! I only want images to be uploaded. I am not able to restrict the uploading. Where am I going wrong?
Add:
'uploadOrder'=> array( 'allow', 'deny' )
Without this the default policy is allow if none of them matches.
According to:
https://github.com/Studio-42/elFinder/wiki/Connector-configuration-options#wiki-uploadOrder
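Why the order matters, as an added example that is not part of the original answer and is not elFinder's source: a simplified model of Apache-style allow/deny evaluation, run against the `uploadAllow` list from the question. The function names, the matching rule (full type, major type, or `all`) and the sample MIME types are assumptions made for illustration.

```php
<?php
// Added example; a simplified model, not elFinder's source. Names are hypothetical.

// A list entry matches on the full type, on the major type ("image"), or on "all".
function mimeMatches(string $mime, array $list): bool
{
    $major = explode('/', $mime, 2)[0];
    return in_array('all', $list, true)
        || in_array($mime, $list, true)
        || in_array($major, $list, true);
}

// Apache-style Order evaluation: the first keyword in $order sets the default.
function uploadPermitted(string $mime, array $allow, array $deny, array $order): bool
{
    $allowed = mimeMatches($mime, $allow);
    $denied  = mimeMatches($mime, $deny);
    if (strtolower($order[0]) === 'allow') {
        // allow,deny: default is deny; only an allow-only match passes.
        return $allowed && !$denied;
    }
    // deny,allow: default is allow; only a deny-only match is refused.
    return !($denied && !$allowed);
}

// Build a decision table for a set of detected MIME types.
function decisionTable(array $mimes, array $allow, array $deny, array $order): array
{
    $table = [];
    foreach ($mimes as $mime) {
        $table[$mime] = uploadPermitted($mime, $allow, $deny, $order) ? 'accepted' : 'rejected';
    }
    return $table;
}

// Constructed sample: types a detector reports for .png, .jpg and .php uploads.
$detected = ['image/png', 'image/jpeg', 'text/x-php'];
$asPosted = ['image/jpg', 'image/png'];   // uploadAllow from the question

// No uploadDeny with deny,allow order: nothing is denied, so everything is accepted.
print_r(decisionTable($detected, $asPosted, [], ['deny', 'allow']));
// allow,deny: the PHP file is rejected, but so is the JPEG ('image/jpg' is not 'image/jpeg').
print_r(decisionTable($detected, $asPosted, [], ['allow', 'deny']));
// Listing the registered type 'image/jpeg' fixes the JPEG case.
print_r(decisionTable($detected, ['image/jpeg', 'image/png'], [], ['allow', 'deny']));
```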
