Description
Steps to reproduce the issue
- Have the "Image" editor-xtd plugin enabled.
- Edit/Create an article and click on the Image xtd button to open the modal
- Navigate to any sub folder and upload an image
Expected result
Image should be uploaded to the current sub folder
Actual result
Image is uploaded to the root /images/ folder
System information (as much as possible)
Joomla 3.8.8
Testing on sites using these two configurations:
- PHP 7.0.30, Apache, cgi-fcgi PHP interface
- PHP 7.1.17, LiteSpeed, litespeed PHP interface
Additional comments
- I've confirmed this issue on 4 different 3.8.8 installs.
- Uploading files from the media manager (Content > Media) does not have this issue; only uploading files from the modal window.
- In comparing the request sent between the Content > Media upload and the Modal upload there is a difference in the "folder" query string parameter:
Content > Media:
https://www.*.com/administrator/index.php?option=com_media&task=file.upload&tmpl=component&a060f310b0b3488489015fe158b7c9f9=7gq9043nuoe8gqflgki7l4rke1&ef7e91aa39a03bf2f8dc0971139f2f8a=1&format=html&folder=stories/2018
Modal:
https://www.*.com/administrator/index.php?option=com_media&task=file.upload&tmpl=component&a060f310b0b3488489015fe158b7c9f9=7gq9043nuoe8gqflgki7l4rke1&ef7e91aa39a03bf2f8dc0971139f2f8a=1&asset=com_content&author=&view=images&folder=stories%252F2018
As you can see, the first one is not escaped at all. The second one is double-escaped.
The double escaping results in /administrator/com_media/controllers/file.php line 45 returning an empty string:
$this->folder = $this->input->get('folder', '', 'path');
Which is what is leading to the images being uploaded to the root images folder.
- I reverted these files back to the 3.8.7 version:
/administrator/com_media/views/imageslist/tmpl/default_folder.php
/administrator/com_media/views/imageslist/tmpl/default_image.php
/administrator/com_media/views/images/tmpl/default.php
That didn't seem to have any effect on the issue (the folder value is still double-escaped).
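
The failure mode in the report above, as an added example that is not part of the original issue and is not Joomla code: a folder value encoded twice still contains a `%` escape after the server's single decode, so an allowlist path filter rejects it and returns an empty string. The function names, the `example.test` URLs and the allowlist pattern (a simplified stand-in for the `path` filter) are assumptions.

```javascript
// Added illustration: function names and the allowlist pattern are assumptions, not Joomla code.

// Simplified stand-in for a 'path' input filter: segments of letters, digits,
// '_', '-' and '.', separated by '/'. Anything else yields ''.
const PATH_ALLOWLIST = /^[A-Za-z0-9_-]+[A-Za-z0-9_.-]*(\/[A-Za-z0-9_-]+[A-Za-z0-9_.-]*)*$/;

function filterPath(value) {
  return PATH_ALLOWLIST.test(value) ? value : '';
}

// Percent-encode a folder name the given number of times (1 = correct, 2 = the bug).
function encodeFolder(folder, times) {
  let value = folder;
  for (let i = 0; i < times; i++) value = encodeURIComponent(value);
  return value;
}

// The server decodes the query string exactly once before filtering.
function folderAsSeenByServer(url) {
  return new URL(url).searchParams.get('folder') ?? '';
}

// A %XX escape that survives one decode suggests the value was encoded more than once.
function looksDoubleEncoded(decodedOnce) {
  return /%[0-9A-Fa-f]{2}/.test(decodedOnce);
}

function analyse(url) {
  const decoded = folderAsSeenByServer(url);
  return { decoded, doubleEncoded: looksDoubleEncoded(decoded), filtered: filterPath(decoded) };
}

// Constructed URLs modelled on the two requests in the report (host and tokens replaced).
const BASE = 'https://example.test/administrator/index.php?option=com_media&task=file.upload';
const MEDIA_URL = `${BASE}&format=html&folder=stories/2018`;
const MODAL_URL = `${BASE}&view=images&folder=${encodeFolder('stories/2018', 2)}`;
const FIXED_URL = `${BASE}&view=images&folder=${encodeFolder('stories/2018', 1)}`;

for (const url of [MEDIA_URL, MODAL_URL, FIXED_URL]) {
  console.log(url.split('folder=')[1], '->', analyse(url));
}
```

The same residual-escape check can be run over access logs to find other requests whose parameters were encoded twice.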