If any user who is not the root user (e.g. uid !=1 ) tries to upload a file they get

"The selected file can not be attached to this post, because it is only possible to attach files with the following extensions: jpg jpeg gif png txt html doc xls pdf ppt pps."

The root/uid=1 user can upload files without any errors.

I think this came out of fixes related to http://drupal.org/node/43220 and earlier.

Comments

kkaefer’s picture

kkaefer commented

I can confirm this bug.

deekayen’s picture

deekayen commented

I wasn't able to confirm this as written, but I did uncover some annoyances.

1) if txt is an allowed filetype, uploading a file with TXT in caps doesn't match, when really there's no functional difference. Maybe need to add compare using strtolower()?
2) Once the incorrect file upload attempt prints the error message, you can't get rid of the file. The file is in the list as a regularly uploaded file, when really the check should delete it and not list it. When I try to click the delete checkbox for the file and submit, it keeps the file listed and re-presents the error.

pulsifer’s picture

pulsifer commented

User uid == 1 can upload files with any extension. All other users can only upload the allowed extensions, if they are permitted to upload at all. What was the full name of the file you were trying to upload?

deekayen’s picture

deekayen commented

Let me revise what I just said. The caps thing isn't a problem and now I'm not able to reproduce the deletion problem.

I didn't clean out the tmp directory and uploaded the same file I did in my earlier testing and now I'm getting "warning: getimagesize(): Read error! in E:\Web\drupal47b6\includes\image.inc on line 89." for some reason which for now I will blame on something I did wrong.

I'm with pulsifer on this one. Maybe rar's file just didn't have an allowed extension.

pulsifer’s picture

pulsifer commented

quote: if txt is an allowed filetype, uploading a file with TXT in caps doesn't match

Are you sure about this? upload.module reads:

            $regex = '/\.('. ereg_replace(' +', '|', preg_quote($extensions)) .')$/i';
            if (!preg_match($regex, $file->filename)) {

This is voodoo of course (its a regex), but I believe the "/i" part is supposed to make it a caseless match.

deekayen’s picture

deekayen commented

Let me revise what I just said. The caps thing isn't a problem

I jumped the gun. Just ignore me - I'll go crawl back in my contrib hole and (try to) stay out of the core playground.

rar’s picture

rar commented
Title: Only user=1 can upload files » Only user=1 can upload files, more details

here's the methodology that I get to reproduce the error.

  1. Start with clean CVS install with new database
  2. create two users ($user->uid==1 and $user->uid==2)
  3. create a page
  4. enable upload module
  5. create a new group "Full admin"
  6. make second user a "Full Admin" and enable "upload files" in permissions
  7. try to upload "filename.gif" as uid==1 user, success (e.g. attach, submit)
  8. logout and login as second user
  9. try to upload "filename2.gif" - get error message. (attach, submit)

The error occurs at the "submit stage." Notice that the error message doesn't identify the file name so there is something not being set in $_FILES when uid != 1.

samc’s picture

samc commented
Status: Active » Closed (duplicate)

Additional details can be found here: http://drupal.org/node/54298