Hi,
I'm was experiencing this issue as well, but I was able to learn some things that fixed my problem and may help others. For me, the "HTTP Error" appeared briefly, but the file(s) do upload correctly if I'm logged in as admin. Some file extensions would not upload correctly if I was not admin.

I'm using MultipleFileUploadField in a slightly unique way where we provide a bulk upload to a folder, but the files are not linked at all by a field on a DataObject.

SS: 2.4.3
display_errors is set to 1, dev mode enabled, UploadifyField::show_debug(); set.

I was receiving an email like so:

Error: Uncaught ValidationException: Validation error writing a File object: Extension is not allowed (valid: , ace, arc, arj, asf, au, avi, bmp, bz2, cab, cda, css, csv, dmg, doc, docx, flv, gif, gz, hqx, htm, html, ico, jar, jpeg, jpg, js, m4a, m4v, mid, midi, mkv, mov, mp3, mp4, mpa, mpeg, mpg, ogg, pages, pcx, pdf, pkg, png, pps, ppt, pptx, ra, ram, rm, rtf, sit, sitx, swf, tar, tgz, tif, tiff, txt, wav, wma, wmv, xhtml, xls, xlsx, xml, zip, zipx). Object not written.
At line 931 in /Enterprise_designkh/kh/sapphire/core/model/DataObject.php

I only receive this message for types which are not listed of course, but as I mentioned: if I was logged in as an admin they would still be uploaded. For example, I receive the HTTP Error notice when uploading an exe, but not when uploading a .zip.
However, Uploadify debug info shows:

fileExt: *.*

It looks like the way to modify allowed extensions is a bit clunky: you have to set File::allowed_extensions and update the .htaccess file in the assets folder.

To add extensions to File::allowed_extensions I put the following into _config.php. You could use array_merge() or something if you wanted to add more than one and keep the code pretty.

File::$allowed_extensions[] = "exe";

Then you can either edit the .htaccess file in the assets folder—there are instructions in that file provided with SilverStripe—or you can just delete the /assets/.htaccess file, though that may not be a good security practice.

After making those changes my problems have gone away and everything works fine now.
As a final thought, could be nice if the extensions set on Uploadify were able to overwrite the File::allowed_extensions, but is it possible to dynamically overwrite the .htaccess file extensions list??

Hmm ... interesting... but I have also HTTP Error when I'm logged in as Admin ... and with different file types.

I also get the 'HTTP Error' with allowed image file types and when logged in as an admin. My issue is definitely related to authentication though, as I can see the system redirecting to the login page when using WireShark. Unfortunately, I'm having trouble pin pointing where it's redirecting to the login page.

Hi all,
I was just posting about this issue on LeftAndMain.com. http://www.leftandmain.com/silverstripe-modules/2010/08/26/uploadify/#comment-259
But this seems to be an Uploadify issue or more, a swfupload issue.

http://www.google.com/search?q=uploadify+HTTP+Error+302&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:nl:official&client=firefox-a#hl=en&client=firefox-a&hs=grM&rls=org.mozilla:nl:official&q=+site:uploadify.com+uploadify+HTTP+Error+302&sa=X&ei=Sab_TIunJ8-t8QP8r6yMCw&ved=0CCMQrQIwAQ&fp=7b9141da4f416ce8

The Flash plugin on Mac is not handling the session okay so a redirect is the result to the login page.

But now I hope someone finds a solution to get the session okay to the uploader. I'll keep trying because this is a big issue for me at the moment but my knowledge of this is little.
Would it be possible to sent the session als GET var in the action.url of uploadify? (just a thought)

The session id is passed along with the Flash request. You'll see in uploadify/_config.php that the session id is set from the request. I'm not sure what that wouldn't be working. Maybe try turning off session_use_only_cookies ?

--------------------
SilverStripe tips, tutorials, screencasts and more: http://www.leftandmain.com

That doesn't fix it for me.

I am affraid that a new version of swfobject is needed. The flash doesn't handle the session right.

It doesn't need to handle the session. It passes the session ID as a request parameter, and the server should grab that and set the session ID from that value.

Did upgrading SWFObject fix the problem?

jj
--------------------
SilverStripe tips, tutorials, screencasts and more: http://www.leftandmain.com

But how can it be that I am redirected to /Security/login?BackURL....?

Didn't try upgrading SWFObject (yet)...mainly because reading on the SWFObject I don't see any solutions for this problem.