Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#20617] - editor-xtd > image modal can't upload to sub-folders

?
avatar drewgg
drewgg
29 May 2018

Steps to reproduce the issue

  1. Have the "Image" editor-xtd plugin enabled.
  2. Edit/Create an article and click on the Image xtd button to open the modal
  3. Navigate to any sub folder and upload an image

Expected result

Image should be uploaded to the current sub folder

Actual result

Image is uploaded to the root /images/ folder

System information (as much as possible)

Joomla 3.8.8

Testing on sites using these two configurations:

PHP 7.0.30
Apache
cgi-fcgi PHP interface

PHP 7.1.17
LiteSpeed
litespeed PHP interface

Additional comments

  • I've confirmed this issue on 4 different 3.8.8 installs.

  • Uploading files from the media manager (Content > Media) does not have this issue; only uploading files from the modal window.

  • In comparing the request sent between the Content > Media upload and the Modal upload there is difference in the "folder" query string parameter:

Content > Media:
https://www.*.com/administrator/index.php?option=com_media&task=file.upload&tmpl=component&a060f310b0b3488489015fe158b7c9f9=7gq9043nuoe8gqflgki7l4rke1&ef7e91aa39a03bf2f8dc0971139f2f8a=1&format=html&folder=stories/2018

Modal:
https://www.*.com/administrator/index.php?option=com_media&task=file.upload&tmpl=component&a060f310b0b3488489015fe158b7c9f9=7gq9043nuoe8gqflgki7l4rke1&ef7e91aa39a03bf2f8dc0971139f2f8a=1&asset=com_content&author=&view=images&folder=stories%252F2018

As you can see, the first one is not escaped at all. The second one is double-escaped.

The double escaping is resulting in /administrator/com_media/controllers/file.php line 45 to return an empty string:

$this->folder = $this->input->get('folder', '', 'path');

Which is what is leading to the images being uploaded to the root images folder.

  • I reverted these files back to the 3.8.7 version:

/administrator/com_media/views/imageslist/tmpl/default_folder.php
/administrator/com_media/views/imageslist/tmpl/default_image.php
/administrator/com_media/views/images/tmpl/default.php

That didn't seem to have any affect on the issue (the folder value is still double-escaped).

avatar drewgg drewgg - open - 29 May 2018
avatar joomla-cms-bot joomla-cms-bot - change - 29 May 2018
Labels Added: ?
avatar joomla-cms-bot joomla-cms-bot - labeled - 29 May 2018
avatar drewgg
drewgg - comment - 29 May 2018

Ah, fooy. My initial search of open issues didn't reveal #20586. I've added that patch and the issue is fixed.

avatar drewgg drewgg - close - 29 May 2018
avatar drewgg drewgg - change - 29 May 2018
Status New Closed
Closed_Date 0000-00-00 00:00:00 2018-05-29 17:05:34
Closed_By drewgg

Add a Comment

Login with GitHub to post a comment