8 – Cannot upload file of type image

I am experiencing a really strange behavior I have never seen before with Drupal. I am able to upload files of every type but not images. The files system is public. The problem appears on the local test server and on the live server.

Error message:
The image upload widget shows the standard error box logging:
**The file xyz.jpg could not be uploaded.

  • This value should not be null**

This issue appears on the whole site on every image of the file field widget within the backend.
Even the file upload for Drupal’s “File Archive” does just work with every other file type than ‘jpg’, ‘jpeg’, ‘gif’, ‘png’ file types.

The issue appeared after updating to the “web/” file structure while also updating the core to 8.8. I tried to update to 8.9.12 including every module installed but the error when trying to upload a file stays.

I rechecked all the settings regarding “tmp folder” and also tested the folder access rights (chown, chmod). It is set to 777.

I updated the database (drush updb) and also rebuild the cache (drush cr).

No PHP error log is created (not in Drupals Watchdog or the apache log).

I am sure that it is not a configuration issue as I am able to upload files that are not image files without problems. Another interesting bit is that when uploading a file it is actually created in the final sites/default/files location. The file also has the correct owner and access rights.

I could not find a related issue when researching nor I am able to come up with another idea. I even tried to change the file system to private, created new entities with image or file fields and tried different image upload widgets – nothing seems to work.

Any help is greatly appreciated.

reactjs – Pl upload zip the file before uploading

I am trying to zip the file before uploading with plupload

Plupload.bind('FilesAdded', (up, files) => {
   // 1. Check file
   // 2. Access file content here (Need input how we can access it? or pass file object to JS zip)
   // 3. Zip the file using // using JS Zip may be, this need blob, or array or content
   // 4. Add Zipped content in queue, with new file name and remove current file from the queue.

I am looking for help regarding point number 2 and 3. Where in I need to extract file content and pass blob or file object to JS Zip so it can zip it correctly.

Thanks for help.

8 – How to upload multiple files in a custom form with Form API

I have a custom form created with Form API. In this form, I have a file field with the type managed_file

$form('fichiers_justificatif') = array(
    '#type' => 'managed_file',
    '#title' => 'justificatifs',
    '#upload_validators' => $validators,
    '#upload_location' => 'private://justificatifs',
    '#multiple' => TRUE,
    '#description' => 'types de fichier autorisés : png gif jpg jpeg pdf doc',

It works well, I can upload a file, get its name and url.

But I don’t know how to have a multiple file upload like the one with see in admin or with the webform module.

Example of webform module which handle multiple files upload :

enter image description here

I’ve tried to add '#multiple' => TRUE, but I have an Ajax error after the 2nd file is submitted.

I’ve tried this module Multi-value form element but still have AJAX issue.

I’ve tried drop zone.js but I’n not satisfied with it since it adds an other interface for file (different from the one in admin). User are confused there is an other interface for files.

What could be the better way to handle this ?

Upload file to Microsoft OneDrive using graph SDK using asp.net core

I am trying to upload a file to OneDrive using Graph SDK for .Net Core from worker service.
Basically, some files are created at random time and those files needs to be uploaded to specified path on OneDrive from worker service at midnight every day.
I have following information stored in appconfig.json file in application:

  • ClientID
  • ClientSecret
  • TenantID

I have checked samples on various sites but could not find how to upload files using above ID and Secret. I believe there must but some kind of authProvider that I could initialize using above ID and Secret.

I also checked miscrosoft’s documentation but coudl not find any example on how to upload file using SDK with ID and Secret.


Any help would be appreciated.

iis 8.5 – Why would a Mac client be able to upload large files to IIS WebDAV when Windows clients can’t?

My company needs to share large (~1-2 GB) data files with several partner organizations. For reasons that don’t matter, we decided to go with WebDAV (in IIS 8.5 on Windows Server 2012 R2) over SSL. This is raw IIS. To keep things simple, we told them to create a network location in File Explorer and just copy the file normally.

The partner organizations were able to download their files before reviewing them.

However, when most of the organizations tried to upload their files back to the WebDAV site, the upload failed with a 413.1 (content too large) error. A file of size 0 is created.

The sole exception was an organization who used a Mac. They were able to upload their file successfully! (the log entry said “darwin” instead of “Microsoft-WebDAV-MiniRedir”)

I found comments elsewhere for increasing a read-ahead buffer size; however, that’s for a 413.0 error. There are also questions that suggest increasing the size of other attributes in web.config. However, they apply to ASP.NET applications.

But none of those things would explain why the partner using a Mac client was able to upload their file.

magento2.3 – Magento 2: How to upload multiple images to Customer from Admin

Wanting to upload multiple images to a customer account via the admin. Below I’ve created a custom customer attribute that allows a single image / file upload, but how can I make this a multiple file upload?



namespace MyCompanyMyModuleSetup;

use MagentoEavSetupEavSetupFactory;
use MagentoCustomerSetupCustomerSetupFactory;
use MagentoFrameworkSetupInstallDataInterface;
use MagentoFrameworkSetupModuleContextInterface;
use MagentoFrameworkSetupModuleDataSetupInterface;

class InstallData implements InstallDataInterface
  private $eavSetupFactory;
  private $customerSetupFactory;

  public function __construct(
    EavSetupFactory $eavSetupFactory,
    CustomerSetupFactory $customerSetupFactory
      $this->eavSetupFactory = $eavSetupFactory;
      $this->customerSetupFactory = $customerSetupFactory;

    public function install(
      ModuleDataSetupInterface $setup,
      ModuleContextInterface $context
    ) {

      $eavSetup = $this->eavSetupFactory->create(('setup' => $setup));
      $customerSetup = $this->customerSetupFactory->create(('setup' => $setup));

      $attributeCode = 'customer_logos';

          'type' => 'varchar',
          'input' => 'file',
          'label' => 'Customer Logos',
          'source' => '',
          'required' => false,
          'visible' => true,
          'position' => 200,
          'system' => false,
          'backend' => ''

      // used this attribute in the following forms
      $attribute = $customerSetup->getEavConfig()
      ->getAttribute(MagentoCustomerModelCustomer::ENTITY, $attributeCode)
        ('used_in_forms' => (


xss – Prevent Cross Site Scripting but still support HTML file upload

I have a web application where user can upload and view files. The user has a link next to the file (s)he has uploaded. Clicking on the link will open the file in the browser (if possible) or show the download dialog (of the browser). Meaning that, if the user upload an html/pdf/txt file it will be rendered in the browser but if it is a word document, it will be downloaded. The file url is like https://mydoma.in/ran-dom-guid.

It is identified that rendering the HTML file in the browser could be a vulnerability – Cross Site Scripting. That is, since the file is executed under my domain, it is possible to attack if it contains a malicious script.

What is the right solution to this problem? The two options I am currently looking at are:

  1. to put Content-Disposition header in the response to make HTML files downloaded instead viewed in the browser.
  2. to find some html scrubbing/sanitizing library to remove any javascript from the file before I serve it.

Looking at the gmail, they do the second approach (of scrubbing) with having a separate domain for the file download – may be to minimize/distract the attack surface. However in this approach the receiver gets a different file than what was sent. Which is not ‘right’ in my opinion; may be I am biased. In my case, the first one is easy to fix. But I wonder if that is enough, or is there any thing that I overlook!

What are your thoughts on these approaches? Or do you have any other suggestions?