Index: branches/RC/core/kernel/db/db_event_handler.php
===================================================================
diff -u -N -r10962 -r11245
--- branches/RC/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 10962)
+++ branches/RC/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 11245)
@@ -2243,13 +2243,16 @@
 function OnUploadFile(&$event) {
 $event->status = erSTOP;
+ echo "Flash requires that we output something or it won't fire the uploadSuccess event";
 // Flash uploader does NOT send correct cookies, so we need to make our own check
 $cookie_name = 'adm_'.$this->Application->ConfigValue('SessionCookieName');
 $this->Application->HttpQuery->Cookie['cookies_on'] = 1;
 $this->Application->HttpQuery->Cookie[$cookie_name] = $this->Application->GetVar('flashsid');
- $this->Application->HttpQuery->Cookie[$cookie_name.'_live'] = $this->Application->GetVar('flashsid'); // this prevents session from auto-expiring when KeepSessionOnBrowserClose & FireFox is used
+ // this prevents session from auto-expiring when KeepSessionOnBrowserClose & FireFox is used
+ $this->Application->HttpQuery->Cookie[$cookie_name.'_live'] = $this->Application->GetVar('flashsid');
+
 $admin_ses =& $this->Application->recallObject('Session.admin'); /* @var $admin_ses Session */
@@ -2260,10 +2263,8 @@
 $user_id = $admin_ses->RecallVar('user_id');
 if (!$perm_helper->CheckUserPermission($user_id, $section.'.add') && !$perm_helper->CheckUserPermission($user_id, $section.'.edit')) {
- $event->status = erPERM_FAIL;
 // 403 Forbidden
 header('HTTP/1.0 403 You don\'t have permissions to upload');
- exit;
 return ;
 }
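Review bot: The `echo` added at the top of OnUploadFile (first hunk of db_event_handler.php) writes the response body before any of the `header('HTTP/1.0 403 …')`, `413` and `500` calls in the later hunks, so unless output buffering is active (not visible here) the headers have already gone out and those status lines are dropped. The client would then receive a 200 response carrying the success text even when the permission check or the upload failed. Emit the text on the success path only, i.e. move the `echo "Flash requires …";` line to after the `move_uploaded_file()` call at the end of the function, which sits in the last hunk of this file.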
@@ -2272,11 +2273,12 @@
 }
 $value = $this->Application->GetVar('Filedata');
- if (!$value) {
- $event->status = erFAIL;
- // 413 Request Entity Too Large (when uploaded file was to large for web server to accept)
+
+ if (!$value || ($value['error'] != UPLOAD_ERR_OK)) {
+ // 413 Request Entity Too Large (file uploads disabled OR uploaded file was
+ // to large for web server to accept, see "upload_max_filesize" in php.ini)
 header('HTTP/1.0 413 File size exceeds allowed limit');
- exit;
+ return ;
 }
 $tmp_path = defined('WRITEABLE') ? WRITEABLE.'/tmp/' : FULL_PATH.'/kernel/cache/';
@@ -2287,15 +2289,12 @@
 }
 if (!is_writable($tmp_path)) {
- $event->status = erFAIL;
 // 500 Internal Server Error
 header('HTTP/1.0 500 Write permissions not set on the server');
- exit;
+ return ;
 }
 move_uploaded_file($value['tmp_name'], $tmp_path.$fname);
-
- die("Flash requires that we output something or it won't fire the uploadSuccess event");
 }
 /**
Index: branches/RC/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r10031 -r11245
--- branches/RC/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 10031)
+++ branches/RC/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 11245)
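Review bot: In the `@@ -2272` hunk of OnUploadFile the new condition indexes `$value['error']` without confirming that `$value` is an array carrying that key, and it answers every non-OK upload code with `413 File size exceeds allowed limit`. If `GetVar('Filedata')` can also return an ordinary request parameter (not visible here), a plain string reaches the offset lookup; a guard such as `if (!is_array($value) || !isset($value['error']) || $value['error'] != UPLOAD_ERR_OK) {` closes that. Partial uploads and a missing temporary directory are non-OK codes too, so the fixed 413 text can mislead whoever reads the response or the server log.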
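Review bot: The result of `move_uploaded_file($value['tmp_name'], $tmp_path.$fname)` in the `@@ -2287` hunk is ignored, and with the trailing `die()` removed the handler now returns the same way whether or not the file was stored. Check the return value and answer with an error status when it is false, for example `if (!move_uploaded_file($value['tmp_name'], $tmp_path.$fname)) { header('HTTP/1.0 500 Upload could not be stored'); return ; }`. `$fname` is assigned outside this hunk; if it derives from the client-supplied file name, it should be reduced to a safe base name before being appended to `$tmp_path`.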
@@ -190,8 +190,17 @@
 }
 // specific permission check for pending & owner permissions: begin
- $new_item = $this->Application->IsAdmin() && $event_handler->isNewItemCreate($event) ? true : false;
- $check_status = $this->checkCombinedPermissions($event, $owner_id, $category_id, $new_item);
+ $uploader_events = Array ('OnUploadFile', 'OnDeleteFile', 'OnViewFile');
+ if (in_array($event->Name, $uploader_events)) {
+ // don't recall target object during uploader-related, because OnItemLoad will use incorrect
+ // $user_id in Firefox (during Flash problems session will be used from Internet Exploere)
+ $new_item = false;
+ }
+ else {
+ $new_item = $this->Application->IsAdmin() && $event_handler->isNewItemCreate($event) ? true : false;
+ $check_status = $this->checkCombinedPermissions($event, $owner_id, $category_id, $new_item);
+ }
+
 if (isset($check_status)) {
 return $check_status;
 }
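Review bot: For `OnUploadFile`, `OnDeleteFile` and `OnViewFile` the new branch skips `checkCombinedPermissions()` altogether, so `$check_status` stays unset and control falls through to whatever follows this hunk; the match is on `$event->Name` alone, apparently for any unit that routes through this helper. OnUploadFile makes its own `CheckUserPermission` call in db_event_handler.php, but the delete and view handlers are not part of this change, so confirm that each of them enforces an equivalent check before relying on this exemption. A comment on the branch saying so, e.g. `// permission for these events is enforced inside the handlers themselves`, would keep a later reader from assuming the helper still covers them. The enclosing method starts and ends outside the hunk.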