kcfinder error 500
Civicrm 5.43 and 5.44 under Drupal 8, launching kcfinder from ckeditor give an 500 error. Php script integration/civicrm.php try to call civicrm.config.php located in web/libraries/civicrm/, and this file does not exist. Copying this file from an Drupal 7 installation is not sufficent, because civicrm.settings.php is not searched in correct location.
--- ../../mcm65/sites/all/modules/civicrm/civicrm.config.php 2021-11-15 21:42:13.000000000 +0100
+++ libraries/civicrm/civicrm.config.php 2021-12-07 21:14:33.380121826 +0100
@@ -87,6 +87,11 @@
return $confdir;
}
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . 'sites' . DIRECTORY_SEPARATOR . 'default' .
+ DIRECTORY_SEPARATOR . 'civicrm.settings.php')) {
+ return $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . 'sites' . DIRECTORY_SEPARATOR . 'default';
+ }
+
if (!file_exists($confdir) && !$skipConfigError) {
echo "Could not find valid configuration dir, best guess: $confdir<br/><br/>\n";
exit();
Another point, .htaccess in /web directory Deny access to most php files in public directory. We must allow access to php files under kcfinder directory :
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
RewriteCond %{REQUEST_URI} !/libraries/civicrm/packages/kcfinder/[a-z_]+\.php$
RewriteCond %{REQUEST_URI} !/libraries/civicrm/packages/kcfinder/.*/[a-z_]+\.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]