"Select Image" results in "Something went wrong" on asset field

Support
1

Hello everyone!

I’m trying to figure out how and what the difference is between an “Image” and an “Asset”…
The field in question is currently an Image field and still has the option to “Select an asset”.
Which is in fact what the user needs to select because “Select Image” ends in an empty Popup window with the message “Something went wrong”.

Is that the correct behavior? Am I using this wrong?

This is my system config for the “user” group:

# Cockpit settings
languages:
    en: English

site: "https://cms.domain"

groups:
    user:
        $admin: false
        $vars:
            finder.path: /storage/upload/
        cockpit:
            backend: true
            finder: false

I set the finder option to false, because I figured that the asset selection panel is actually want the user wants, because it lists all the uploaded images. But I’m kinda confused anyway :slight_smile:

If anyone knows a bit more about the topic … thanks in advance!

2

The main difference is, that images are handled as standalone files - no database entries or meta data etc. When adding an image to an entry, the img path is saved as full path (http://localhost/...), what leads to problems when uploading a local setup to the remote.

Assets have database entries and the paths are saved as relative path in entries. With the latest next branch v0.8.3 assets can be managed in virtual directories, too.

Not 100% sure, but it could be:

  • wong path after switching from local to remote
  • wrong path detection on COCKPIT_SITE_DIR if you use a symlinked environment → adjust it in defines.php

The Finder should never be allowed for non-admins. It’s easy to upload executable files or to destroy something by accident.

3

good explanation @raffaelj , and I think the assets are enough for most of the use cases, and the media library is more user-friendly than using the finder. In such case if you need the finder you can always put some restrictions on the group configuration, e.g.:

groups:
    author:
        $admin: false
        $vars:
            finder.path: /uploads/documents
            finder.allowed_uploads: pdf, doc, docx, xls, xlsx, ...
            assets.allowed_uploads: png, jpg

hope that helps

4

This works for the media manager, but the finder is too powerful. The finder.allowed_uploads filter only checks for file endings and doesn’t protect against executable code. It’s possible to upload a file evil.php.jpg, rename it with the finder to evil.php and call it afterwards via example.com/storage/uploads/evil.php. NEVER allow the finder to people you cannot trust 100%.

5

Hey guys, thanks for the explanation!

Totally! The asset selection works fine. My main question is, why the image field has an option to “select image” (which would be the intuitive thing to use but leads to a Finder popup window, which seems to be undesirable to use) and to “select asset” (which sounds weird to users but does exactly what everybody wants! :slight_smile:)

I mean everything works fine, but I just have to keep telling people to use “select asset” instead of “select image”…

6

If your biggest problem now is

telling people to use “select asset” instead of “select image”…

Here is a very simple workaround: Add a language file to path/to/cockpit/config/cockpit/i18n/en.php with this content:

<?php return array (
  'Select Image' => 'Don\'t click here',
  'Enter Image Url' => 'Don\'t click here',
  'Select Asset' => 'Select Image',
);
7

I know the finder vs assets misunderstanding. Personally I would recommend to use almost always an asset field. Image and file fields are still there due to legacy reasons (when no assets-manager existed). In the next release you also won’t be able to select from finder if the user group has finder disabled.

I agree that finder should be only available do admins.

So please try to use asset fields in future.

1 Like
8

Super cool I’ll in fact try that :smiley:

Perfect looking forward to it! Thanks again guys .)