Jump to:

658 Posts in 2109 Topics by 163 members

Releases and Announcements

SilverStripe Forums » Releases and Announcements » SecureFiles 0.30 Released

Latest news about the SilverStripe software.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2 3
Go to End
Author Topic: 4157 Views
  • Hamish
    Avatar
    Community Member
    712 Posts

    SecureFiles 0.30 Released Link to this post

    Hi everyone,

    SecureFiles 0.30 has been tagged and released. See: http://silverstripe.org/secure-files/

    New features:

    • Compatibility fixes for 2.4
    • Localisation for German, Spanish, Finnish, French and Swedish (thanks everyone who contributed)
    • Basic unit tests, "rebuild secure file rules" build task
    • Support for Apache x-sendfile headers (for best performance)
    • New permission method: Access tokens (assign time limited unique access tokens for anonymous users)
    • Developer hooks: onAccessGranted and onAccessDenied

    It is likely that this will form the basis of a 1.0 release candidate. Bug reports, further translations and suggestions welcome.

    Regards
    Hamish

  • klikhier
    Avatar
    Community Member
    150 Posts

    Re: SecureFiles 0.30 Released Link to this post

    Hamish,

    Have tried your module on 2.3.7 and 2.4.0 but receive error when doing the following:

    - Setup clean SS installation
    - Add securefiles folder and rebuild
    - Unquote individual member and member group in _config
    - Add user group under Security tab and add 'access to secure files'
    - Add 'SecureUploads' folder, tick 'secure folder'
    - Add Group Access Permissions to all groups (just for testing)
    - Add file
    - Go to files-tab and try to open file
    - Error (using Google Chrome):

    This webpage is not found.

    No webpage was found for the web address: http://localhost:8888/website.com/www/assets/SecureUploads/dummy.pdf

    + More information on this error
    Below is the original error message

    Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found.

    Please note that all seems to work fine when I unquote SecureFileController::use_ss_sendfile_method(); in _config, but it says "Not recommended for production sites"

    What may have caused this problem?

  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: SecureFiles 0.30 Released Link to this post

    That's odd - it uses essentially the same file path regardless of sending method, so I'm not sure why you're getting that error.

    What type of server are you running?

  • klikhier
    Avatar
    Community Member
    150 Posts

    Re: SecureFiles 0.30 Released Link to this post

    Tested both on MAMP and on a shared hosting PHP/apache webserver. Both give the same result.

  • speedofmac
    Avatar
    Community Member
    10 Posts

    Re: SecureFiles 0.30 Released Link to this post

    I'm having a similar problem. I installed the module fine, and the backend is working properly. After securing a folder called "members" and adding administrator access, when I try to access a file from the frontend I'm met with a simple "Not Found" or a 404 error. The same files are available without any trouble when I turn off security for that folder. At times it tried to send me to the Security (login) page with a BackURL to the file, but that didn't work, plus I was already logged in.

  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: SecureFiles 0.30 Released Link to this post

    Please log a ticket at:

    http://polemic.net.nz/trac/

    With as much as information you an provide about how to replicate. I've been unable to recreate the issue, so if you can give me a step my step outline that would be useful.

    Regards

    Hamish

  • Aram
    Avatar
    Community Member
    598 Posts

    Re: SecureFiles 0.30 Released Link to this post

    Hi guys, did you ever find the solution to this?

    I am having the same issue, as soon as I secure a file/folder it becomes unavailable on the front end even when logged in as an ADMIN, just gives a 404. Unsecure it and the file can be accessed again.

    Strangely it works fine on my local enviroment (WAMP), but not on a Cpanel VPS or Cpanel shared hosting env.

    I have tried both v0.30 and trunk both with the same results. Using SS v2.4.0.

    any help would be most appreciated

    Aram

  • Aram
    Avatar
    Community Member
    598 Posts

    Re: SecureFiles 0.30 Released Link to this post

    Just to (possibly) add a bit more info to this, when I added the
    <Directory /www/assets>
    Options None
    </Directory>
    to my httpd.conf file as suggested in the README, I got this error in apache:

    [Mon Aug 23 19:08:43 2010] [error] [client 188.223.81.82] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/aabweb/public_html/sfx/assets/Uploads/Testfile.0001.jpg

    and a SilverStripe 404 page when trying to access the file.

    Not sure what that means in terms of the problem but thought it worth reporting.....

    4157 Views
Page: 1 2 3
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.