Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Releases and Announcements /

Latest news about the SilverStripe software.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

SecureFiles 0.30 Released


Go to End
Reply


17 Posts   4256 Views

Avatar
Hamish

Community Member, 712 Posts

8 April 2010 at 9:09am

Hi everyone,

SecureFiles 0.30 has been tagged and released. See: [url]http://silverstripe.org/secure-files/[/url]

New features:

  • Compatibility fixes for 2.4
  • Localisation for German, Spanish, Finnish, French and Swedish (thanks everyone who contributed)
  • Basic unit tests, "rebuild secure file rules" build task
  • Support for Apache x-sendfile headers (for best performance)
  • New permission method: Access tokens (assign time limited unique access tokens for anonymous users)
  • Developer hooks: onAccessGranted and onAccessDenied

It is likely that this will form the basis of a 1.0 release candidate. Bug reports, further translations and suggestions welcome.

Regards
Hamish

Avatar
klikhier

Community Member, 150 Posts

13 May 2010 at 1:56am

Hamish,

Have tried your module on 2.3.7 and 2.4.0 but receive error when doing the following:

- Setup clean SS installation
- Add securefiles folder and rebuild
- Unquote individual member and member group in _config
- Add user group under Security tab and add 'access to secure files'
- Add 'SecureUploads' folder, tick 'secure folder'
- Add Group Access Permissions to all groups (just for testing)
- Add file
- Go to files-tab and try to open file
- Error (using Google Chrome):

This webpage is not found.

No webpage was found for the web address: http://localhost:8888/website.com/www/assets/SecureUploads/dummy.pdf

+ More information on this error
Below is the original error message

Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found.

Please note that all seems to work fine when I unquote SecureFileController::use_ss_sendfile_method(); in _config, but it says "Not recommended for production sites"

What may have caused this problem?

Avatar
Hamish

Community Member, 712 Posts

18 May 2010 at 12:52pm

That's odd - it uses essentially the same file path regardless of sending method, so I'm not sure why you're getting that error.

What type of server are you running?

Avatar
klikhier

Community Member, 150 Posts

18 May 2010 at 8:56pm

Tested both on MAMP and on a shared hosting PHP/apache webserver. Both give the same result.

Avatar
speedofmac

Community Member, 10 Posts

7 July 2010 at 4:33am

I'm having a similar problem. I installed the module fine, and the backend is working properly. After securing a folder called "members" and adding administrator access, when I try to access a file from the frontend I'm met with a simple "Not Found" or a 404 error. The same files are available without any trouble when I turn off security for that folder. At times it tried to send me to the Security (login) page with a BackURL to the file, but that didn't work, plus I was already logged in.

Avatar
Hamish

Community Member, 712 Posts

7 July 2010 at 9:56am

Please log a ticket at:

[url]http://polemic.net.nz/trac/[/url]

With as much as information you an provide about how to replicate. I've been unable to recreate the issue, so if you can give me a step my step outline that would be useful.

Regards

Hamish

Avatar
Carbon Crayon

Community Member, 598 Posts

24 August 2010 at 6:37am

Hi guys, did you ever find the solution to this?

I am having the same issue, as soon as I secure a file/folder it becomes unavailable on the front end even when logged in as an ADMIN, just gives a 404. Unsecure it and the file can be accessed again.

Strangely it works fine on my local enviroment (WAMP), but not on a Cpanel VPS or Cpanel shared hosting env.

I have tried both v0.30 and trunk both with the same results. Using SS v2.4.0.

any help would be most appreciated :)

Aram

Avatar
Carbon Crayon

Community Member, 598 Posts

24 August 2010 at 6:58am

Just to (possibly) add a bit more info to this, when I added the
<Directory /www/assets>
Options None
</Directory>
to my httpd.conf file as suggested in the README, I got this error in apache:

[Mon Aug 23 19:08:43 2010] [error] [client 188.223.81.82] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/aabweb/public_html/sfx/assets/Uploads/Testfile.0001.jpg

and a SilverStripe 404 page when trying to access the file.

Not sure what that means in terms of the problem but thought it worth reporting.....

Go to Top