I have "installed" the trial ASP version of CKFinder v2.3.1, and have used the Setup wizard to identify several setup issues. And now CKFinder is mostly working - drag and drop works great, view works great, and rename works great. But I cannot delete a file.
Here are the symptoms. (Note, I've replaced the real domain name with "example" just for this forum post!) When I right click an image, select "delete" and then click "OK" to indicate that I'm sure I want to delete the image, it gives me this message in a CKFinder dialog box:
It was not possible to properly load the XML response from the web server.
Raw response from the server:
HTTP Error 404
404 Not Found
etc...
I thought perhaps the setup Wizard would help. However, it's having its own problems. When it gets to test 24 of 45 it churns for awhile, then finally fails with this message:
| Status | Running test 24 of 45. |
|---|---|
| Information |
Version of the IIS server: 'Microsoft-IIS/7.0' The server is using the Asp version: 5.7 Current session variables at the server: Currently selected image component: Asp.Net. The server is using the Asp.Net framework version: 1.1.4322.2494 The server might be using this account for the Asp.Net process: NT AUTHORITY\NETWORK SERVICE |
| Errors |
Ops, there's a javascript error. This is totally unexpected. |
When I view the detailed output on the Wizard after the above failure message, I see this at the bottom:
Requested URL: assets/ckfinder.asp?what=loopback&nocache=Fri Jun 07 2013 15:33:08 GMT-0400 (Eastern Daylight Time)
Returned status: 200
Elapsed ms: 21062
Returned text:
Error loading "http://example.com/ckfinder/wizard/assets/hello.aspx" A connection with the server could not be established
However, when I test that URL, i.e.
http://example.com/ckfinder/wizard/assets/hello.aspx
by itself in the browser, it works perfectly fine and says "hello" to me. :)
Anyone run into this behavior before, or otherwise have a clue what might be going on?
Thanks in advance...
First your main problem:
First your main problem:
my guess is that your IIS might be configured with a security filter that restricts any request with a forbidden word. You can test it by trying to load first any page that you know that works correctly and then load the same page adding the same kind of request string as used in the delete file command: ?command=DeleteFiles
If now you get a 404 then it's clear that the problem is that filter and then the options would be to be able to disable it at least under certain conditions, or modify CKFinder so that the name of the command that it's send it's something slightly different like "DltFiles" (I think that you would need no modify the obfuscated ckfinder.js and then the connector.asp in line 64.
The setup wizard problem is different and it might not be related to your main problem:
In order to use asp.net from asp the connector creates a request from the asp script to an aspx page (obviously in that same server) to perform the image manipulation operations that aren't possible in classic asp.
In order to find out if such trick is possible the wizard starts by calling (from asp) the hello.aspx but it's returning that "A connection with the server could not be established" message. It seems that in one of the changes to improve detection of servers configured with Authentication I broke other simpler test, you can download an updated wizard from http://www.martinezdelizarrondo.com/ckplugins/ckfinderwizard2.3.1.zip or just modify the lines 224-225 of aspTests.js so the look like this:
Anyway, the test then will tell you this kind of message (with the correct parameters)
But the fact is that the wizard can pass that test then I would be really surprised if CKFinder is working correctly as you said because it should be able to create thumbnails or resize images.
You have changed the component from Auto to Asp.Net but to me it looks like it's not working at all.
Thanks!
alfonsoml, it looks like you hit the nail on the head. We do indeed have security filters, and your method of testing this worked perfectly. An otherwise working file with "?command=DeleteFiles" does in fact return a 404 error, whereas "?command=DltFiles" or even "?command=RemoveFiles" does not. I will make the changes you suggest, and see if that does the trick, then report back here my findings.
It is odd, isn't it, that everything else works? Drag and drop upload, file rename, thumbnails, etc. all work, just not delete.
Thanks again...
It's great to hear that!
It's great to hear that!
I don't find it odd. The security filter is performing some basic "dumb" stuff: "hey, don't delete my files, don't execute special scripts, etc..." but it just looks at the query parameters, it doesn't really understand what and how they are used, so as long as you don't use one of the blacklisted words everything is working.
The part that I find really odd is that you can get thumbnails and that the wizard fails to test the loopback for aspx.
Thanks very much again!
alfonsoml, your information was exactly correct, and the clues about where and what to change were enough for me to figure out what needed to be modified. For anyone else with a similar problem, this is what I changed. First, I found that "?command=RemoveFiles" worked just fine, i.e. it was not caught by our filter, so decided to go with that as the command name. Then I made the following changes in the following locations:
case "DeleteFiles"
to
case "RemoveFiles"
command = "DeleteFiles"
to
command = "RemoveFiles"
Those three changes seem to have done the trick! And upload, rename, etc. all appear to still be working correctly.
And thanks for the analysis of what might be wrong with the Wizard not functioning; however, given that everything appears to be functioning correctly now in CKFinder itself, I probably won't worry too much about it. However, if someone else has the same issue and needs to fix it, post it here and I'll see what I can figure out based on what alfonsoml suggested above.
Thank you!!!