Cannot Browse Server After upgrading to 3.5.5

That didn’t do it. I verified my plugin is the right one.

I’m using Chrome and closed it down and restarted it.

I also tried in the developer tools, clearing the cookie for my site and starting fresh.

I get the same problem. It happens with both “Browse Server” and over in the advanced when I try to “Send to Server.”

@coderader can you confirm the name of the cookie that you can see in the chrome developer tools. Look at the network tab after loading a page in phplist to see the cookies sent with that request.

phpListSession. It also creates browsetrail

That’s correct. Just to be clear, previously you were using phplist 3.5.1 and the browse server button worked correctly? You have not made any changes related to the phplist session.
The “permissions” don’t refer to file permissions but whether you are allowed to browse images.

It was 3.5.1 and the browse server button did work. So it isn’t working with the file permissions, but user permissions?

@coderader there shouldn’t be any permission problem. The message is issued by the image browser, kcfinder, when it thinks that it is not enabled. That enabling is done by the ckeditor plugin.
Can you let me have a look at your phplist? Send a private message with the URL and admin credentials.

I have the same problem. After upgrading from 3.5.4.
I can give admin access.

@igorz you can send me the admin access details in a private message by clicking my name (duncanc).

@igorz @coderader Did you update phplist using the automatic Updater? If so please can you manually update the ckeditor plugin.

On the Manage Plugins page enter this in the Plugin package URL field
https://github.com/bramley/phplist-plugin-ckeditor/archive/master.zip

Yes, update by automatic Updater. The plugins are still old. After updating CKEditorPlugin everything is fine.

@igorz thanks. There is a problem with the automatic updater not installing the latest plugins.

In release 3.5.5 the ckeditor plugin needs to be updated in line with the new phplist release. I will look at raising an issue with the updater.

1 Like

I had used the automated updater as well. Replacing manually fixed it. Thanks for the help Duncan.

Hi, we too had an automatic update from 3.5.4 to 3.5.5 and found the issue with the kcfinder plugin.
I have reinstalled phplist-plugin-ckeditor manually from the github zip file, and updated the Ckeditor url setting, but the function phplistSession still exit’s with “Not logged in”.

It seems that in our installation the session it’s not recovered in the popup, although the session id’s are the same.

In the function phplistSession, a var_dump($_SESSION); after @session_start(); returns array(0).

@glauco can you check what the value session.auto_start has in php.ini?

If you can give me access to your phplist then I can take a look. Send me a private message with the admin credentials and the URL.

Thank you for the hint, session.auto_start = 0; but sadly php.ini not owned by us (shared hosting).

I’ve tried to place ini_set('session.auto_start', 1); in phplist.php and init.php, before the other ini stuff, but don’t works as expected, the dump shows only few things:

array(1) { 
	["KCFINDER"]=> array(2) { 
		["stamp"]=> array(2) { 
			["ip"]=> string(11) "XX.XX.XX.XX" 
			["agent"]=> string(32) "a2de6400cde0533e396bb5b0f5b6ea3f" 
		} 
		["self"]=> array(1) { 
			["dir"]=> string(5) "files" 
		} 
	} 
}

@glauco session.auto_start = 0 is what I would want it to be, so the current setting is correct.
I did experiment with setting that to 1, but that worked anyway.
What is the hosting environment, and which version of php is being used?

@glauco You can try replacing the file plugins/CKEditorPlugin/kcfinder/integration/phplist.php to try to show which statements are failing

<?php

function phplistSession()
{
    // Use the same session initialisation as phplist in file init.php
    if (false === ini_set('session.name', 'phpListSession')) {
        echo 'unable to set session name';
    }
    if (false === ini_set('session.cookie_samesite', 'Strict')) {
        echo 'unable to set cookie_samesite';
    }
    if (false === ini_set('session.use_only_cookies', 1)) {
        echo 'unable to set use_only_cookies';
    }
    if (false === ini_set('session.cookie_httponly', 1)) {
        echo 'unable to set cookie_httponly';
    }

    if (false === session_start()) {
        echo 'unable to start session';
    }

    if (empty($_SESSION['adminloggedin'])) {
        die('Not logged in');
    }
}
phplistSession();

We use php 7.4 (i’ve tried every version, starting from 5.6)
With the new function no error was thrown, appartently a curl -I confirms that the ini_set’s are working.

HTTP/2 200
date: Sat, 25 Jul 2020 09:42:39 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: phpListSession=0e9fb958133f8609079b3dc49bb5835d; path=/; HttpOnly; SameSite=Strict
content-type: text/html; charset=UTF-8

but it still shows no adminloggedin var.

@glauco are you able to give me temporary access to your web server in order to try to debug what is not working? Send me a private message with the access details if you want to do that.

Sadly i still can’t send PM, im a trust level 0 user.
I’ve sent you a message through your website.