@coderader can you confirm the name of the cookie that you can see in the chrome developer tools. Look at the network tab after loading a page in phplist to see the cookies sent with that request.
That’s correct. Just to be clear, previously you were using phplist 3.5.1 and the browse server button worked correctly? You have not made any changes related to the phplist session.
The “permissions” don’t refer to file permissions but whether you are allowed to browse images.
@coderader there shouldn’t be any permission problem. The message is issued by the image browser, kcfinder, when it thinks that it is not enabled. That enabling is done by the ckeditor plugin.
Can you let me have a look at your phplist? Send a private message with the URL and admin credentials.
Hi, we too had an automatic update from 3.5.4 to 3.5.5 and found the issue with the kcfinder plugin.
I have reinstalled phplist-plugin-ckeditor manually from the github zip file, and updated the Ckeditor url setting, but the function phplistSession still exit’s with “Not logged in”.
It seems that in our installation the session it’s not recovered in the popup, although the session id’s are the same.
In the function phplistSession, a var_dump($_SESSION); after @session_start(); returns array(0).
Thank you for the hint, session.auto_start = 0; but sadly php.ini not owned by us (shared hosting).
I’ve tried to place ini_set('session.auto_start', 1); in phplist.php and init.php, before the other ini stuff, but don’t works as expected, the dump shows only few things:
@glaucosession.auto_start = 0 is what I would want it to be, so the current setting is correct.
I did experiment with setting that to 1, but that worked anyway.
What is the hosting environment, and which version of php is being used?
@glauco You can try replacing the file plugins/CKEditorPlugin/kcfinder/integration/phplist.php to try to show which statements are failing
<?php
function phplistSession()
{
// Use the same session initialisation as phplist in file init.php
if (false === ini_set('session.name', 'phpListSession')) {
echo 'unable to set session name';
}
if (false === ini_set('session.cookie_samesite', 'Strict')) {
echo 'unable to set cookie_samesite';
}
if (false === ini_set('session.use_only_cookies', 1)) {
echo 'unable to set use_only_cookies';
}
if (false === ini_set('session.cookie_httponly', 1)) {
echo 'unable to set cookie_httponly';
}
if (false === session_start()) {
echo 'unable to start session';
}
if (empty($_SESSION['adminloggedin'])) {
die('Not logged in');
}
}
phplistSession();
We use php 7.4 (i’ve tried every version, starting from 5.6)
With the new function no error was thrown, appartently a curl -I confirms that the ini_set’s are working.
@glauco are you able to give me temporary access to your web server in order to try to debug what is not working? Send me a private message with the access details if you want to do that.