core
core copied to clipboard
Bolt 5.1.13 can't save general configuration : not allowed to do that
After installing Bolt 5.1.13 by composer project command creation, I try to customize the configuration.
I want to change in config/bolt/config.yaml sitename and payoff with backend application. After clicking on the save button, a message say to me that 'I am not allowed to do that'. When I try on 5.1.12 version, no problems, I can save it without any access denied notification.
Details
Question | Answer |
---|---|
Relevant Bolt Version | 5.1.13 |
Install type | Composer install |
BC Break | yes/no?? |
PHP version | 8.1 |
Web server | Nginx 1.18.0 |
For UX/UI issues | Firefox 104 |
Reproduction
for reproduction, see the description at the beginning of this issue.
Bug summary
I saw that the problem came during the execution of method 'save' (route : /file-edit/{location}, method: POST, FileEditController) line 89 to 93.
the test (! $this->config->getFileTypes()->contains($extension)) || (Str::startsWith(path::makeRelative($filename, $basepath), '../'))
return TRUE -> that's why it don't save my changes and I have the message : You are not allowed to do that.
Specifics
Steps to reproduce
see the description at the beginning of this issue.
Expected result
As in 5.1.12 version, I would have the same behavior: as ROLE_DEVELOPER, I would like to make changes in configuration files and allowed to save it with backend application.
Actual result
For changing configuration, I must use a source editor as PhpStorm or VSCode to directly modify config.yaml file.
I can confirm this as I have the same problem. I am using Bolt 5.1.14, PHP 8.1.9 on Apache local server.
Hi, After researching why my Bolt CMS installation is behaving like this, I see that the lines I listed were added in the pull request: "Prevent renaming or moving files while editing #3295" . I do not doubt the usefulness of this modification, but I note an undesirable effect whatever the role of the administrator (ROLE_ADMIN or ROLE_DEVELOPPER), it is impossible with the interface, to modify the parameters of the application.
Always the same behavior with 5.1.15 version .....
I've looked into this, and it turns out the solution is quite simple: add yaml
to the accept_file_types
in config/bolt/config.yaml
PR incoming, to set this as default.