Answered NewsPublisher: Can't get ElFinder to restrict user to a single directory.

Hi all,

Using NewsPublisher to allow users to do front end resource submissions.

Edit: MODX 2.6.5-pl and NewsPublisher 3.0.4

NewsPublisher uses ElFinder and I am having problems restricting users from seeing and being able to access the entire public_html directory tree in the file explorer when uploading an image.

I have tried to follow Bob's Guide for NewsPublisher as closely as I can. Currently, my ElfinderConnector snippet looks like this:

[[!npElFinderConnector? &disableCommands=`archive, download, cut, copy, paste, duplicate, edit, open, mkdir, mkfile, netmount, netunmount, rm, rename, quicklook, view` &browserStartPath=`/directory/sub_directory` &browserStartURL=`/directory/sub_directory` &browserBasePath=`/home/mysite/public_html` &browserBaseURL=`/directory/sub_directory`]]

What am I doing wrong? Any help would be really appreciated, this has been a major roadblock for me.

You're explicitly giving them access to the entire public_html directory with this property:



Change that to a directory lower down and they will only be able to browse that directory and those below it. IOW, it should match the &browserBaseURL setting.

Hi Bob,

Thanks for your reply and thanks for creating NewsPublisher - it's great.

I'm sorry if I'm not understanding this right, but I have updated my snippet to the below:



ElFinder is still showing the entire public_html directory though.



EDIT: Grammar. [ed. note: mick2470 last edited this post 5 years, 8 months ago.]

Try to remove anything StartPath

Quote from: donshakespeare at Aug 22, 2018, 09:40 PM

Try to remove anything StartPath

&browserBasePath=`/home/mysite/public_html/subfolder/`//add final slash
&browserBaseURL=`/subfolder/` //make this a proper web-accessible url

Hey donshakespeare,

Tried this, but still no luck unfortunately.

I'm glad you got it sorted. Thanks for reporting back.