FileUpload validation code prevents super users from uploading to the default portal #3850

Closed
8 tasks done
daguiler opened this issue Jun 23, 2020 · 0 comments · Fixed by #3854

Comments

@daguiler
Contributor

Description of bug

#3654 introduced a protection mechanism to the FileUpload component (validation code) to make sure the uploads come from a trusted FileUpload component, rendered for the current portalID and for the current user ID. This protection is good, but it currently prevents superusers from uploading files to the default portal (ID = -1), for example, or to any portal other than the one for which the FileUpload component was rendered.
Specifically, this affects the Assets module in Evoq, where the FileUpload component is used to upload files to any portal visible to the user.

Steps to reproduce

These steps are specific to Evoq, but can apply to other scenarios as well:

  1. Open the Assets panel
  2. Click on "Global Assets"
  3. Upload a file

Current behavior

"Bad Request" error message is returned.

Expected behavior

File should get uploaded without issues.

Error information

2020-06-23 14:46:02.945+00:00 [DNN-QA-01][D:2][T:38][ERROR] DotNetNuke.Web.InternalServices.FileUploadController - System.InvalidOperationException: Bad Request
   at DotNetNuke.Web.InternalServices.FileUploadController.UploadFile(Stream stream, Int32 portalId, UserInfo userInfo, String folder, String filter, String fileName, Boolean overwrite, Boolean isHostPortal, Boolean extract, String validationCode)

Affected version

  • 10.00.00 alpha build (in development)
  • 09.06.01 latest supported release

Affected browser

  • Chrome
  • Firefox
  • Safari
  • Internet Explorer 11
  • Microsoft Edge (Classic)
  • Microsoft Edge Chromium
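
An added sketch, not DNN's code and not part of the original issue: it shows how a validation code bound to portal ID and user ID rejects an upload aimed at a different portal, and one way a check could keep that binding while letting a superuser target another portal. The class and method names, the demo key and the HMAC construction are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical sketch: names and token layout are assumptions, not DNN's implementation.
static class UploadValidation
{
    // Constructed demo key; a real site would use a per-installation secret.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    // Issued when the upload control is rendered, bound to that portal and user.
    public static string Issue(int renderedPortalId, int userId)
    {
        using var hmac = new HMACSHA256(Key);
        var mac = hmac.ComputeHash(Encoding.UTF8.GetBytes($"{renderedPortalId}|{userId}"));
        return Convert.ToBase64String(mac);
    }

    static bool Matches(string code, int portalId, int userId)
    {
        byte[] supplied;
        try { supplied = Convert.FromBase64String(code ?? ""); }
        catch (FormatException) { return false; }
        var expected = Convert.FromBase64String(Issue(portalId, userId));
        return CryptographicOperations.FixedTimeEquals(supplied, expected);
    }

    // Strict form: the code must match the *target* portal, so any cross-portal
    // upload fails, including a superuser's upload to the host portal (-1).
    public static bool StrictCheck(string code, int targetPortalId, int userId) =>
        Matches(code, targetPortalId, userId);

    // Relaxed form: the code still proves which portal and user the control was
    // rendered for; a different target is allowed only when the server-side
    // user record says the caller is a superuser.
    public static bool SuperUserAwareCheck(string code, int renderedPortalId,
        int targetPortalId, int userId, bool isSuperUser) =>
        Matches(code, renderedPortalId, userId)
        && (targetPortalId == renderedPortalId || isSuperUser);
}

static class Program
{
    static void Main()
    {
        const int userId = 1, rendered = 0, host = -1; // constructed sample values
        var code = UploadValidation.Issue(rendered, userId);
        Console.WriteLine($"strict, cross-portal: {UploadValidation.StrictCheck(code, host, userId)}");
        Console.WriteLine($"relaxed, superuser: {UploadValidation.SuperUserAwareCheck(code, rendered, host, userId, true)}");
        Console.WriteLine($"relaxed, regular user: {UploadValidation.SuperUserAwareCheck(code, rendered, host, userId, false)}");
    }
}
```

In the relaxed form the superuser flag and user ID must come from the authenticated server-side session, never from the request body, or the cross-portal exception becomes a bypass.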