This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
I've been doing a bit of digging by way of debugging this.
The SecureFilePermission table gets created but the File table is not modified, I'm expecting a Secured and MemberPermission field to get added to the File table but it's unchanged.
It's as if SS is ignoring SecureFileDecorator.php (or _config.php) for some reason.
Adding the contents of /securefiles/code/_config.php to mysite/_config.php and rebuilding (/dev/build) modified the File table and added the Security tab so it looks like SS is ignoring the _config.php file for some reason. I've checked the file permissions and they seem fine so it looks like I've put something in the wrong place...
I did some moving around of the four main php files and the _config.php file.
Just extracting the archive to the silverstripe directory so that the main files were in silverstripe/securefiles/code didn't work but moving the _config.php file up a level to silverstripe/securefiles/ did.
Moving the modified securefiles directory into another sub-directory of silverstripe/, so that everything was one level lower, broke it again. Moving the _config.php file back up a level mended it again. It would seem that the _config.php file can only reside in directories that are the immediate children of silverstripe/. Silverstripe is quite happy to go and hunt for the other files but not _config.php.
Just as an experiment I moved my mysite/_config.php to mysite/newdir/_config.php. Nothing to do with securefiles but, as it gave a white screen of death, adds weight to the argument that Silverstripe is a bit fussy about the location of its _config.php files.
In conclusion then, on my setup (fedora+apache+php) with SS2.3.0 (and probably 2.3.1) the _config.php file needs to be in a directory that itself is the immediate child of silverstripe/.
In conclusion then, on my setup (fedora+apache+php) with SS2.3.0 (and probably 2.3.1) the _config.php file needs to be in a directory that itself is the immediate child of silverstripe/
That is correct - all modules are created this way.
It sounds like you have not extracted the tar correctly. _config.php is in the securefiles folder, a direct child of your silverstripe website. The 4 main php files should be in the code folder. You should also have a lang folder.
It looks like I somehow managed to move the _config.php file within the archive - I must have been viewing it and slipped with the mouse! Then, having modified the archive, it didn't matter how many times I extracted it; the _config.php file was in the wrong place. Oh well!
Thanks for the reply and thanks for writing the module, I'm off to secure some files...
FYI, I have given the module a new home on Google code:
http://code.google.com/p/silverstripe-securefiles/
You check it out of the SVN repo at:
http://silverstripe-securefiles.googlecode.com/svn/trunk/
Please log bugs or change requests on the project page issue tracker.
I also had some .htaccess problems with securefiles module. My webhosting uses apache (don't know which version version) but changing securefiles/code/SecureFileController.php line 22 did the job as HansR suggested.
//"RewriteBase " . BASE_URL . "\n" .
"RewriteBase /\n" .
Yes, group permissions would be a nice feature :-)
Hi,
i can't get this to work. Maybe one of you could help me?
If I just install the modul and secure a folder, I get an Server Error (500) when I request a file from that folder:
/var/syscp/webs/x75/kwf/assets/image-gallery/.htaccess: RewriteBase takes one argument, the base URL of the per-directory context
Then if I change the RewriteBase as suggested to "/" I get an 404, when I try to request anything from that folder. I enabled logging of mod_rewrite. As far as I can tell, it seems like it tries to load main.php from within the asset folder:
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] strip per-dir prefix: /var/syscp/webs/x75/kwf/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg -> Preysin$
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] applying pattern '(.*)' to uri 'Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg'
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (4) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] RewriteCond: input='/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg' pattern='^(.*)$' => matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (2) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] rewrite 'Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg' -> 'sapphire/main.php?url=/assets/image-gallery/Preysingstrae/Zitro$
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) split uri=sapphire/main.php?url=/assets/image-gallery/Preysingstrae/Zitronenfalter-Gruppe/12FMSTeamoverFritz1.jpg& -> uri=sapphire/main.php, args=url=/assets/image-gallery/Preysingstrae/Zitron$
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (3) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] add per-dir prefix: sapphire/main.php -> /var/syscp/webs/x75/kwf/assets/image-gallery/sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (2) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] trying to replace prefix /var/syscp/webs/x75/kwf/assets/image-gallery/ with /
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (5) strip matching prefix: /var/syscp/webs/x75/kwf/assets/image-gallery/sapphire/main.php -> sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (4) add subst prefix: sapphire/main.php -> /sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#16841c8/initial] (1) [perdir /var/syscp/webs/x75/kwf/assets/image-gallery/] internal redirect with /sapphire/main.php [INTERNAL REDIRECT]
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (3) [perdir /var/syscp/webs/x75/kwf/] strip per-dir prefix: /var/syscp/webs/x75/kwf/sapphire/main.php -> sapphire/main.php
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (3) [perdir /var/syscp/webs/x75/kwf/] applying pattern '.*' to uri 'sapphire/main.php'
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/sapphire/main.php' pattern='!(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$)' => matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/sapphire/main.php' pattern='^(.*)$' => matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (4) [perdir /var/syscp/webs/x75/kwf/] RewriteCond: input='/var/syscp/webs/x75/kwf/sapphire/main.php' pattern='!-f' => not-matched
93.197.214.48 - - [21/Sep/2009:20:26:35 +0200] [kwf.server12.levelx.de/sid#1302d40][rid#1699fa8/initial/redir#1] (1) [perdir /var/syscp/webs/x75/kwf/] pass through /var/syscp/webs/x75/kwf/sapphire/main.php
Any Idea what I'm doing wrong?
Thanks
Johannes
