KCFinder on D9: You don't have permissions to browse server.
The issue is very similar to this one:
and the proposed workaround is solving it (reverting this commit), but I think the root cause is different.
Steps to reproduce
- Use CKEditor4 as Wysiwig Editor
- Create Event
- Insert image to description
- Try to browse, or upload image
- Error: You don't have permissions to browse server.
In my case classes are found, so it's not namespacing. After some debugging, I think the following happens:
civicrm/packages/kcfinder/integration/civicrm.phpDrupal is bootstrapped, user authenticated and correct
KCFINDERparams are added to the
$_SESSION['KCFINDER']['disabled'] = false; $_SESSION['KCFINDER']['uploadURL'] = $config->imageUploadURL; $_SESSION['KCFINDER']['uploadDir'] = $config->imageUploadDir;
- Then in
\kcfinder\uploader::construct()session ID is requested from Drupal (
Drupal\Core\Session\SessionManager::start()finds no session so starts a new one, thus removing
$_SESSION. This way kcfinder defaults are used, which is to disable access.
So I thought it's a cookie issue (though
$_COOKIE was populated with all the cookies all the way through).
CRM_Utils_System_Drupal8::loadBootStrap() to pass cookies to the Symfony request:
$request = new \Symfony\Component\HttpFoundation\Request(, , , $_COOKIE, , $_SERVER);
This way session was found in step 3 above, it was restored, but it also didn't contained the
KCFINDER array as
$_SESSION was overwritten by restoring.
So I'm stuck here, probably I'm missing something obvious, but currently I can't see why should it behave differently.
Has anybody any idea?
Relevant issues in other repos: