Home > Net >  Adding file extension to allowed list for file uploads in OctoberCMS?
Adding file extension to allowed list for file uploads in OctoberCMS?

Time:03-15

The problem is in OctoberCMS backend within the File Manager of Assets, I receive the following error message when I attempt to upload a SVG file:

Error uploading file 'logo.svg': Only the following file types are allowed: jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, ttf, eot, json, md, less, sass, scss

The error message is generated from within AssetList.php that references the function getDefinitions($type) in October\Rain\Filesystem.

    /**
     * Returns a definition set from config or from the default sets.
     * @param $type string
     * @return array
     */
    public function getDefinitions($type)
    {
        if (!method_exists($this, $type)) {
            throw new Exception(sprintf('No such definition set exists for "%s"', $type));
        }

        return (array) Config::get('cms.fileDefinitions.'.$type, $this->$type());
    }

I cannot find any reference in /config/cms.php to 'fileDefinitions'.

How do I add SVG to the allowed file definitions array without losing the existing list of filetypes.

CodePudding user response:

Why don't you just add the key 'fileDefinitions' to the config file? Since October is based on laravel, getting config works the same way there as it does here; which is to say, that Config::get() has the same parameter listing of Laravel: Config::get($stringPath, $default = null);.

Based on the content of the file you reference, or at least the closest file I could find that matches what you reference, the $type() variable variable points to any of lines 97, 149, etc. whose return value is a simple array of extensions.

So to make a long story short, in /config/cms.php, create a new array key of fileDefinitions and set its value to ['svg'], as well as any additional extensions you want. Be aware however of the logic in that file for determining what should be allowed to be uploaded.

Security risk

Also be aware that SVGs were removed from those arrays as it was deemed a security risk.

CodePudding user response:

To upload a SVG that I have authored and know doesn't contain malicious code like embedded CSS and Javascript, I add the following to the bottom of the config: /config/cms.php.

    /*
    |--------------------------------------------------------------------------
    | File extensions list for allowed file uploads
    |--------------------------------------------------------------------------
    */

    'fileDefinitions' => [

        'assetExtensions' => [
            'svg', 'jpg', 'jpeg', 'bmp', 'png', 'webp', 'gif', 'ico', 'css', 'js', 'woff', 'woff2', 'ttf', 'eot', 'json', 'md', 'less', 'sass', 'scss'
        ],
    ],

Save, then the command to clear the cache and it solves the problem.

$ php artisan config:clear
  • Related