browse field type goto 403 after 3.0.9 #59
Based on the information provided in the knowledge sources, I can offer some insights into your issue with the browse field type in Backpack 3.0.9 and later versions. It seems you're encountering a 403 error when trying to access the elFinder popup for the browse field type. This issue appears to be related to the handling of MIME types in the BackpackElfinderController. The code snippet you provided shows that the controller is attempting to decrypt the 'mimes' parameter from the request. If this decryption fails, it results in a 403 error. To address this issue, you might want to check the following:
Unfortunately, the provided knowledge sources don't contain specific information about this particular error in Backpack 3.0.9 or later versions. The closest relevant information I found is about file type restrictions in the browse field, but it doesn't directly address your 403 error issue. If the problem persists, you might want to:
I apologize that I don't have more specific information to resolve your issue. If you need further assistance, you might want to provide more details about your setup and the exact steps to reproduce the error. Relevant sources: Github Issue (closed): [4.0][Bug] Multiple images upload to the File Manager |
Thanks for the report @drserhio and sorry for the bad experience. A composer update should get you the fixed versions of FileManager and PRO. If you get filemanager 3.0.10 and pro 2.2.23 you are all set. If you are unable to update PRO you need to manually apply the fix in your browser field. 1 - check if you already have the field published in your - if (isset($field['mime_types'])) {
- $field['wrapper']['data-elfinder-trigger-url'] .= '&mimes='.urlencode(serialize($field['mime_types']));
- }
+ $field['wrapper']['data-elfinder-trigger-url'] .= '&mimes='.urlencode(Crypt::encrypt($field['mime_types'] ?? '')); Let us know if you are still experiencing issues 👍 |
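Review bot: the `+` line drops the `isset($field['mime_types'])` guard and always appends `&mimes=`, so the URL in `data-elfinder-trigger-url` must already contain a `?` query string for the parameter to be parsed; if that is not guaranteed at this point in the view, pick the separator by checking the URL for `?`. With the `?? ''` fallback a field without `mime_types` now sends an encrypted empty string, so the controller's `if(request('mimes'))` branch is always taken; confirm that a decrypted empty string is handled the same way as an absent parameter.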
Thanks for the solution @pxpm but still this issue NOT resolved on single browse button popup.. |
Thanks @munjaldevelopment I've just released a new version of backpack pro with the fix. This field didn't support the mimes functionality so I overlooked it, my bad 🙏 Please allow a few moments for our private repository to pick the changes and you can get the fixed version with a composer update. For people unable to update PRO, please see the instructions here on how to publish the browse field: #59 (comment) (changing the relevant parts for the browse field)
1 - Add at the top of your file:
$field['attributes']['data-elfinder-trigger-url'] = $field['attributes']['data-elfinder-trigger-url'] ?? url(config('elfinder.route.prefix').'/popup/'.$field['name']);
$field['attributes']['data-elfinder-trigger-url'] .= '?mimes='.urlencode(Crypt::encrypt($field['mime_types'] ?? '')); 2 - remove line 13: - data-elfinder-trigger-url="{{ url(config('elfinder.route.prefix').'/popup') }}" 3 - Change line 74 to: - href: triggerUrl + '/' + name,
+ href: triggerUrl, Once again, thank you very much 🙏 |
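Review bot: step 1 keeps a developer-supplied `data-elfinder-trigger-url` through the `??` fallback, but the next line always appends `?mimes=`, so a custom URL that already has a query string ends up with a second `?` and the value is not read as `mimes`. Choosing `?` or `&` based on the current URL would cover both cases. Step 3 also moves the field name out of the JavaScript (`triggerUrl + '/' + name`) and into the PHP default, so a custom URL now has to include the field name itself; that is worth stating in the instructions.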
Thanks, Pedro
I have pro package. I have everything working with the new changes!
All uses of browse field ok
Sincerely,
Sergii Drapoi
On Mon, 18 Nov 2024 at 17:22, Pedro Martins ***@***.***> wrote:
… Thanks @munjaldevelopment <https://github.com/munjaldevelopment> I've
just released a new version of backpack pro with the fix.
This field didn't support the mimes functionality so I overlooked it, my
bad 🙏
Please allow a few moments for our private repository to pick the changes
and you can get the fixed version with a composer update.
For people unable to update PRO, please see the instructions here on how
to publish the browse field: #59 (comment)
<#59 (comment)>
(changing the relevant parts for the browse field)
1 - Add at the top of your file:
$field['attributes']['data-elfinder-trigger-url'] = $field['attributes']['data-elfinder-trigger-url'] ?? url(config('elfinder.route.prefix').'/popup/'.$field['name']);
$field['attributes']['data-elfinder-trigger-url'] .= '?mimes='.urlencode(Crypt::encrypt($field['mime_types'] ?? ''));
2 - remove line 13:
- data-elfinder-trigger-url="{{ url(config('elfinder.route.prefix').'/popup') }}"
3 - Change line 74 to:
- href: triggerUrl + '/' + name,+ href: triggerUrl,
Once again, thank you very much 🙏
|
Hi, the elfinder on ckeditor is also returning a 403. How can I fix this? |
Hey @BenjaminVerhaegen thanks for the report. If you have access to PRO, I've just released a fixed version, allow a few moments for our private repository to pick the changes and you can get the fixed version with a In case you don't have access to PRO updates anymore, follow a similar approach I described earlier to publish ckeditor.blade.php to your resources folder and change the following. Lines 10~11 - if($hasElfinder && !in_array('ckfinder', $toolbar)) {
- $toolbar = array_merge($toolbar, ['|', 'ckfinder']);
+ if($hasElfinder) {
+ $field['attributes']['data-elfinder-trigger-url'] = $field['attributes']['data-elfinder-trigger-url'] ?? url(config('elfinder.route.prefix').'/popup/'.$field['name'].'?multiple=1');
+ $field['attributes']['data-elfinder-trigger-url'] .= '&mimes='.urlencode(Crypt::encrypt($field['elfinderOptions']['onlyMimes'] ?? ''));
+ if(! in_array('ckfinder', $toolbar)) {
+ $toolbar = array_merge($toolbar, ['|', 'ckfinder']);
+ }
+ } Line 97 add: + let elfinderTriggerUrl = element.data('elfinder-trigger-url'); Line 112 replace: - href: '{{url(config('elfinder.route.prefix').'/popup/elfinder?multiple=1')}}',
+ href: elfinderTriggerUrl, Cheers |
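Review bot: in the Lines 10~11 hunk the fallback passed to `Crypt::encrypt` is `''`, while elFinder's `onlyMimes` option is an array, so after decrypting the controller gets a string in one case and an array in the other; defaulting to `[]` keeps a single type. In the same hunk `&mimes=` is only correct for the built default, which ends in `?multiple=1`; a caller-supplied `data-elfinder-trigger-url` without a query string would need `?`. For Line 112, `elfinderTriggerUrl` is `undefined` when the attribute is not rendered on the element, so a fallback or an early return there would avoid opening the popup at a bad URL.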
CrudController / setupCreateOperation
Browse Field Type
Request https://site.com/admin/elfinder/popup/attribute_name
request('mimes') - not present
403 error permanently
That's how it works (class BackpackElfinderController):
try {
    if(request('mimes')){
        $mimes = Crypt::decrypt(urldecode(request('mimes')));
    }
} catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
    Log::error('Someone attempted to tamper with mime types in elfinder popup. The attempt was blocked.');
    abort(403, 'Unauthorized action.');
}
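The tamper check performed by the controller snippet above, as an added example that is not part of the original issue and is not Backpack or Laravel code. `sealMimes`, `openMimes`, `handlePopup` and the `photo` field name are hypothetical, and AES-256-GCM from PHP's openssl extension stands in for `Crypt::encrypt`/`Crypt::decrypt`.

```php
<?php
// Added example, not Backpack or Laravel code. sealMimes()/openMimes() are
// hypothetical stand-ins for Crypt::encrypt()/Crypt::decrypt().

function sealMimes(array $mimes, string $key): string
{
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt(json_encode($mimes), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function openMimes(string $param, string $key): array
{
    $raw = base64_decode($param, true);
    if ($raw === false || strlen($raw) < 28) {        // 12-byte IV + 16-byte tag
        throw new RuntimeException('malformed mimes parameter');
    }
    $json = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($json === false) {                            // GCM tag mismatch
        throw new RuntimeException('mimes parameter failed authentication');
    }
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// Hypothetical popup handler: returns [HTTP status, allowed MIME list].
function handlePopup(array $query, string $key): array
{
    if (!isset($query['mimes'])) {
        return [200, []];                             // no restriction requested
    }
    try {
        return [200, openMimes($query['mimes'], $key)];
    } catch (Throwable $e) {
        return [403, []];                             // reject, as the controller does
    }
}

$key = random_bytes(32);                              // constructed demo key
$url = '/admin/elfinder/popup/photo?mimes=' . urlencode(sealMimes(['image/png', 'image/jpeg'], $key));
parse_str(parse_url($url, PHP_URL_QUERY), $query);    // decodes the value once
echo 'server-issued value: ', json_encode(handlePopup($query, $key)), PHP_EOL;
$raw = base64_decode($query['mimes']);
$raw[-1] = chr(ord($raw[-1]) ^ 1);                    // one bit changed in transit
echo 'modified value:      ', json_encode(handlePopup(['mimes' => base64_encode($raw)], $key)), PHP_EOL;
// The pre-fix format: a plain serialize()d list carries no authentication.
echo 'plain serialize():   ', json_encode(handlePopup(['mimes' => serialize(['image/png'])], $key)), PHP_EOL;
```

Only the server-issued value is accepted; the modified value and the unauthenticated `serialize()` string both take the 403 path.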