Development Discussion Board

[haravikk]

I think that for PHP-less downloads to work the administrator would need to be able to enable the feature per-forum, with the caveat that it means all users will be able to download the files. This way we can enable it for public forums, but leave the protection enabled in private forums.
Alternatively, it could automatically be enabled if all users have permission to download files from the forum; i.e - if guests, and all listed user-groups have that permission enabled along with the ability to read the contents of the forum. Ideally, if the forum's permissions change such that the files are no longer "public", then they would be relocated to a private folder so direct links will stop working; I expect moving the files should be more widely supported than symbolic links?

Support for HTTP range in the PHP script might help, but I still find that PHP file masking scripts are rarely cached properly so HTTP direct downloads are still desirable for serving up content that is accessed commonly.

[AmigoJack]

HTTP direct downloads are still desirable for serving up content that is accessed commonly

...which is why you can put resources (e.g. files) directly on your server without any interaction of phpBB. The attachment feature doesn't come along with permissions only, it also includes a download counter which then can't be triggered anymore.

BTW: how do downloads count on partial transfers in the future?

[haravikk]

...which is why you can put resources (e.g. files) directly on your server without any interaction of phpBB.

…except that I can hardly do that when the content is posted by forum users now can I? If it were just files I posted myself that I was concerned about then I wouldn't be putting them up through a forum

[jmt200]

Is there a way to upload files to a phpbb forum other than "Img" (I presume that is only for graphic extensions?).
Where is the browse and select file interface?

any way to add an ability to multi upload attachments in topics or posts ?!

[Oleg]

This was requested again: http://tracker.phpbb.com/browse/PHPBB3-10843

Moving topic to 3.2 discussion.

[haravikk]

Since I don't really want to sign up to the JIRA just to comment on the one issue, I wanted to add that there is a fairly easy solution to the permissions question; simply store the files in a hierarchy that matches the forum layout, so if the forum permissions are changed then that branch of the hierarchy can simply be moved from the public location to the private one (inaccessible except via the PHP script).

With file-name "mangling", I think that it doesn't matter how they're stored on the server? For direct access you need the correct extension to serve up the content that way. Meanwhile for files stored in the private folder it shouldn't matter I don't think, since the request goes via the PHP script you only need to ensure the file has some kind of ID that can be used to look it up, such as the primary key used to store the file's info in the database. The file's name doesn't make it to the browser since the PHP script just dumps the file's content, after an appropriate HTTP header I think?

So file names should be safe to keep so long as the file's name is unique to the folder that it's stored within, though it probably couldn't hurt to shove the file's ID number in front for good measure.

[Oleg]

Since I don't really want to sign up to the JIRA just to comment on the one issue

Jira uses .com credentials.

simply store the files in a hierarchy that matches the forum layout, so if the forum permissions are changed then that branch of the hierarchy can simply be moved from the public location to the private one (inaccessible except via the PHP script).

This sounds too fragile to me but you are welcome to try to argue otherwise.