CFileBrowser - bad request code 400

dojoh · February 14, 2011, 11:57am

hi everybody,

i’ve experienced some problems trying to use the FileBrowser Widget (i’m not allowed to link it… first post).

i’ve included the code to one of my views:




<?php $this->widget('application.extensions.cfilebrowser.CFileBrowserWidget',array(

                'script'=>array('object/filebrowser'),

                'root'=>'/',

                'folderEvent'=>'click',

                'expandSpeed'=>1000,

                'collapseSpeed'=>1000,

                'multiFolder'=>true,

                'loadMessage'=>'File Browser Is Loading...hang on a sec',

                'callbackFunction'=>'alert("I selected " + f)'

)); ?>

in the ObjectController i added the following:




	public function actionFileBrowser()

	{

		$root = '/';

		

		$_POST['dir'] = urldecode($_POST['dir']);


		if( file_exists($root . $_POST['dir']) ) {

			$files = scandir($root . $_POST['dir']);

			natcasesort($files);

			if( count($files) > 2 ) { /* The 2 accounts for . and .. */

				echo "<ul class=\"jqueryFileTree\" style=\"display: none;\">";

				// All dirs

				foreach( $files as $file ) {

					if( file_exists($root . $_POST['dir'] . $file) && $file != '.' && $file != '..' && is_dir($root . $_POST['dir'] . $file) ) {

						echo "<li class=\"directory collapsed\"><a href=\"#\" rel=\"" . htmlentities($_POST['dir'] . $file) . "/\">" . htmlentities($file) . "</a></li>";

					}

				}

				// All files

				foreach( $files as $file ) {

					if( file_exists($root . $_POST['dir'] . $file) && $file != '.' && $file != '..' && !is_dir($root . $_POST['dir'] . $file) ) {

						$ext = preg_replace('/^.*\./', '', $file);

						echo "<li class=\"file ext_$ext\"><a href=\"#\" rel=\"" . htmlentities($_POST['dir'] . $file) . "\">" . htmlentities($file) . "</a></li>";

					}

				}

				echo "</ul>";	

			}

		}

	}

But i don’t see i thing if i try to run the widget. (well if i look at the sourcecode the scripts are included,the <div id=“filebrowser”></div> is included etcpp.)

i’ve traced the problem down by looking at the apache accesslog file:

i’ve tried localhost/yii2/3ddb/object/filebrowser (well it returns a blank page as there is no post data set…)

i’m running windows 7 with xampp (version 1.7.3, Apache 2.2.14, PHP 5.3.1) and i’m using mod_rewrite:

.htaccess




Options +FollowSymLinks

IndexIgnore */*

RewriteEngine on


# if a directory or a file exists, use it directly

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d


# otherwise forward it to index.php

RewriteRule . index.php

wich works fine…

so by now i don’t know what else to try. do you have any suggestions?

thanks a lot.

Ole

dojoh · February 16, 2011, 11:30am

hi,

just found the problem:

i enabled the XSS protection

config file:




'request'=>array(

           'enableCsrfValidation'=>true,

),

just removed it and it works perfectly.

as i don’t have any experiance with cross site scripting i was woundering if its possible to create some kind of exception? or how to aproach this.