CMS MADE SIMPLE FORGE

TinyMCE

 

[#11913] File Browser Access Denied. Aviary Photo Editor setting not recognized.

Created By: John Beatrice (mww)
Date Submitted: Thu Oct 18 20:10:28 -0400 2018

Assigned To:
Version: 3.2-beta6
CMSMS Version: 2.2.8
Severity: Critical
Resolution: Invalid
State: Closed
Summary:
File Browser Access Denied. Aviary Photo Editor setting not recognized.
Detailed Description:
When disabling the Aviary Photo Editor and clearing the id, the user is denied
access to the File Browser.

Line 81 of /modules/TinyMCE/responsive_filemanager/filemanager/dialog.php

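if (USE_ACCESS_KEYS == TRUE){
	// Reject the request when no access key was sent or none are configured
	if (!isset($_GET['akey'], $access_keys) || empty($access_keys)){
		die('Access Denied!');
	}

	// Strip everything except letters, digits, '.', '_' and '-' from the supplied key
	$_GET['akey'] = strip_tags(preg_replace( "/[^a-zA-Z0-9\._-]/", '', $_GET['akey']));

	// Reject the request when the supplied key is not one of the configured keys
	if (!in_array($_GET['akey'], $access_keys)){
		die('Access Denied!');
	}
}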

The PHP die() is triggered because of:

	if (!in_array($_GET['akey'], $access_keys)){
		die('Access Denied!');
	}


History

Comments
Date: 2019-03-16 16:24
Posted By: Charles Butcher (chazzo)

I am getting a 403 error when I try to access the file picker through TinyMCE.
In MicroTiny it works OK.

Commenting out that whole 'if' statement didn't fix the problem for me. I don't
understand the reference to Aviary Photo Editor.


      
Date: 2019-03-18 03:49
Posted By: Mathieu Muths (airelibre) (airelibre)

I think you confuse the access key with the Aviary key.

The access key is a key used to restrict filemanager access to authenticated
admin users only.
The Aviary key is an API key for Aviary.

The $_GET['akey'] parameter is related to the access key, not the Aviary one. I
just tested, and unchecking the parameter checkbox and removing the Aviary key
makes the Filemanager work properly.

But let me know if there's something I missed ;) Thanks
      
Date: 2019-03-18 03:51
Posted By: Mathieu Muths (airelibre) (airelibre)

@chazzo

This doesn't seem to be related to the original bug report.
Did you properly update your htaccess file to enable the access? See the TinyMCE
module help page to find out how to do this.
      
Date: 2019-03-19 13:11
Posted By: Charles Butcher (chazzo)

#airelibre Thanks and apologies. I had forgotten that. I've just moved to a new
server and started with a new .htaccess file.
      
Updates

Updated: 2019-09-03 06:18
resolution_id: 5 => 9
state: Open => Closed

Updated: 2019-03-18 03:49
resolution_id: => 5