New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Invalid upload token." #10
Comments
The module doesn't have any maintainers. Do you want to take a crack at fixing @laryn? |
@herbdool Maybe? I'll add it to my rainy day list (although anyone else reading this, please don't wait for me if you want to give it a shot). At the moment we'll just have to have duplicate images on some sites. 😄 |
Just tested @herbdool's fix and it works as advertised. RTBC. |
Thanks @laryn. Do you want to merge the PRs and create a new release? |
Hi. I just installed the latest version of filefield_sources, 1.11.1, I am running the latest backdrop 1.13.2. |
I'm also getting an "Invalid upload token" error on a File field using IMCE as the file source. This is using filefield_sources-1.x-1.11.1, imce-1.x-1.0.0 and Backdrop 1.13.2. |
I did some testing on this today. I downloaded Backdrop core versions until I found the last version that this worked in. The "Invalid upload token" problem does not occur with Backdrop 1.9.4; it does occur with Backdrop 1.9.5, which included a "comprehensive fix for ajax/upload callback and destination sanitization" in git commit 9d139b1887f52981ba0e6f67b8b6f1121640ffe9. I tried comparing the changes in that Backdrop core commit to the changes Herb made in commit e1bac75e0d05fbe61f1e154043895976c0c16dbb here in filefield_sources to fix this problem when it occurred earlier, but couldn't figure out how to fix this with the current version of Backdrop (1.13.3). But maybe this will help someone else sort out what changed in core and what subsequently needs to change in filefield_sources? (Maybe @quicksketch has an idea as the author of the relevant changes in core?) |
@jackaponte Yes, the security update you mention broke it in the first place, but @herbdool made a fix that solved it, at least for a time. Now I'm seeing the error again as well. |
Unfortunately, the error persists even with e1bac75 applied. |
Same bug here. Does anybody have an idea how to fix? |
I've just looked at the code and I think the fix of herbdool needs to be applied to the other * _process functions as well. I tested it with attach, imce and remote and had no errors - didn't test clipboard. |
I am getting the invalid token with both the file_attach and the autocomplete. More of an issue is that I have to save the content each time I add a file, in order to add a second file. |
Thank you so much! |
@laryn odd! Looks like you had permission to merge things 3 years ago. Something must have changed. |
@jenlampton seems to have beaten me to it. The authors, bug squad, and the security teams now have appropriate permissions to the repo. Was I meant to give maintainer access to anyone else? |
@klonos - I think it's good for now. @diannevolek I've merged this. Could you test the module to see if it works now? |
I've discovered this is only working if the file field is set to 1 and not multiple. |
I also added the snippet from backdrop/backdrop@ae93ecc#diff-ce3f5cbf5ec00fd53515777991842a6572f53491e0d400e2ce9b016e54afd09dR617 which deals with multiples per file field (cardinal > 1). It's working for me now. |
It isn't yet appearing as a module I can update? |
On the main page of this repo you'll see a button to download the unreleased version. You'll need download the zip file and add it manually. There's no release yet since it needs testers first. |
I still have an error. :-(
|
A couple things: testing works best on a fresh site otherwise it's really hard to know which module is at issue. And, it seems like you downloaded the last release and not the unreleased version. On the repo there's a button called Code. From there you can download the zip. Or go here https://github.com/backdrop-contrib/filefield_sources/archive/refs/heads/1.x-1.x.zip |
Sorry, I only have this one site. I will set up one for testing as soon as I can. Installed the file from your URL, and followed the same process. The version number didn't change. The Invalid token message still shows, and the task doesn't complete. I tried on both the taxonomy, as well as a normal content type. |
@diannevolek the link above (https://github.com/backdrop-contrib/filefield_sources/archive/refs/heads/1.x-1.x.zip) would give you the module with no version since it is unreleased. So if you're still seeing a version that must mean you've got the old module code still installed. Check to other directories within your modules directory. Perhaps Regardless, the fix I provided here fixes it for me and I'm not getting any "invalid upload token". |
Thank you - it works! Last time, I used the "manual install" on the Functionality page (I'm still getting familiar with the Backdrop folder system). |
Filefield sources seems to be broken, perhaps due to the recent #Drupalgeddon2 fixes?
backdrop/backdrop-issues#3057
The "Reference existing" autocomplete finds the file and fills it in but when I click "Select" I get an error notification: "Invalid upload token."
The text was updated successfully, but these errors were encountered: