Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Releases and Announcements

Latest news about the SilverStripe software.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

SecureFiles 0.30 Released


Go to End
Reply

17 Posts   4220 Views

Avatar
Hamish

8 April 2010 at 9:09am Community Member, 712 Posts

Hi everyone,

SecureFiles 0.30 has been tagged and released. See: [url]http://silverstripe.org/secure-files/[/url]

New features:

  • Compatibility fixes for 2.4
  • Localisation for German, Spanish, Finnish, French and Swedish (thanks everyone who contributed)
  • Basic unit tests, "rebuild secure file rules" build task
  • Support for Apache x-sendfile headers (for best performance)
  • New permission method: Access tokens (assign time limited unique access tokens for anonymous users)
  • Developer hooks: onAccessGranted and onAccessDenied

It is likely that this will form the basis of a 1.0 release candidate. Bug reports, further translations and suggestions welcome.

Regards
Hamish

Avatar
klikhier

13 May 2010 at 1:56am Community Member, 150 Posts

Hamish,

Have tried your module on 2.3.7 and 2.4.0 but receive error when doing the following:

- Setup clean SS installation
- Add securefiles folder and rebuild
- Unquote individual member and member group in _config
- Add user group under Security tab and add 'access to secure files'
- Add 'SecureUploads' folder, tick 'secure folder'
- Add Group Access Permissions to all groups (just for testing)
- Add file
- Go to files-tab and try to open file
- Error (using Google Chrome):

This webpage is not found.

No webpage was found for the web address: http://localhost:8888/website.com/www/assets/SecureUploads/dummy.pdf

+ More information on this error
Below is the original error message

Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found.

Please note that all seems to work fine when I unquote SecureFileController::use_ss_sendfile_method(); in _config, but it says "Not recommended for production sites"

What may have caused this problem?

Avatar
Hamish

18 May 2010 at 12:52pm Community Member, 712 Posts

That's odd - it uses essentially the same file path regardless of sending method, so I'm not sure why you're getting that error.

What type of server are you running?

Avatar
klikhier

18 May 2010 at 8:56pm Community Member, 150 Posts

Tested both on MAMP and on a shared hosting PHP/apache webserver. Both give the same result.

Avatar
speedofmac

7 July 2010 at 4:33am Community Member, 10 Posts

I'm having a similar problem. I installed the module fine, and the backend is working properly. After securing a folder called "members" and adding administrator access, when I try to access a file from the frontend I'm met with a simple "Not Found" or a 404 error. The same files are available without any trouble when I turn off security for that folder. At times it tried to send me to the Security (login) page with a BackURL to the file, but that didn't work, plus I was already logged in.

Avatar
Hamish

7 July 2010 at 9:56am Community Member, 712 Posts

Please log a ticket at:

[url]http://polemic.net.nz/trac/[/url]

With as much as information you an provide about how to replicate. I've been unable to recreate the issue, so if you can give me a step my step outline that would be useful.

Regards

Hamish

Avatar
Carbon Crayon

24 August 2010 at 6:37am Community Member, 598 Posts

Hi guys, did you ever find the solution to this?

I am having the same issue, as soon as I secure a file/folder it becomes unavailable on the front end even when logged in as an ADMIN, just gives a 404. Unsecure it and the file can be accessed again.

Strangely it works fine on my local enviroment (WAMP), but not on a Cpanel VPS or Cpanel shared hosting env.

I have tried both v0.30 and trunk both with the same results. Using SS v2.4.0.

any help would be most appreciated :)

Aram

Avatar
Carbon Crayon

24 August 2010 at 6:58am Community Member, 598 Posts

Just to (possibly) add a bit more info to this, when I added the
<Directory /www/assets>
Options None
</Directory>
to my httpd.conf file as suggested in the README, I got this error in apache:

[Mon Aug 23 19:08:43 2010] [error] [client 188.223.81.82] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/aabweb/public_html/sfx/assets/Uploads/Testfile.0001.jpg

and a SilverStripe 404 page when trying to access the file.

Not sure what that means in terms of the problem but thought it worth reporting.....

Go to Top