I think that for PHP-less downloads to work the administrator would need to be able to enable the feature per-forum, with the caveat that it means all users will be able to download the files. This way we can enable it for public forums, but leave the protection enabled in private forums.
Alternatively, it could automatically be enabled if all users have permission to download files from the forum; i.e - if guests, and all listed user-groups have that permission enabled along with the ability to read the contents of the forum. Ideally, if the forum's permissions change such that the files are no longer "public", then they would be relocated to a private folder so direct links will stop working; I expect moving the files should be more widely supported than symbolic links?
Support for HTTP range in the PHP script might help, but I still find that PHP file masking scripts are rarely cached properly so HTTP direct downloads are still desirable for serving up content that is accessed commonly.
[Patch] Direct (php-less) attachment downloads
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Re: [Patch] Direct (php-less) attachment downloads
Images in sigs! please.
- AmigoJack
- Registered User
- Posts: 110
- Joined: Wed May 04, 2011 7:47 pm
- Location: グリーン ヒル ゾーン
- Contact:
Re: [Patch] Direct (php-less) attachment downloads
...which is why you can put resources (e.g. files) directly on your server without any interaction of phpBB. The attachment feature doesn't come along with permissions only, it also includes a download counter which then can't be triggered anymore.haravikk wrote:HTTP direct downloads are still desirable for serving up content that is accessed commonly
BTW: how do downloads count on partial transfers in the future?
Re: [Patch] Direct (php-less) attachment downloads
…except that I can hardly do that when the content is posted by forum users now can I? If it were just files I posted myself that I was concerned about then I wouldn't be putting them up through a forumAmigoJack wrote:...which is why you can put resources (e.g. files) directly on your server without any interaction of phpBB.
Images in sigs! please.
Re: [Patch] Direct (php-less) attachment downloads
Is there a way to upload files to a phpbb forum other than "Img" (I presume that is only for graphic extensions?).
Where is the browse and select file interface?
Where is the browse and select file interface?
Meis2M wrote:any way to add an ability to multi upload attachments in topics or posts ?!
Re: [Patch] Direct (php-less) attachment downloads
This was requested again: http://tracker.phpbb.com/browse/PHPBB3-10843
Moving topic to 3.2 discussion.
Moving topic to 3.2 discussion.
Re: [Patch] Direct (php-less) attachment downloads
Since I don't really want to sign up to the JIRA just to comment on the one issue, I wanted to add that there is a fairly easy solution to the permissions question; simply store the files in a hierarchy that matches the forum layout, so if the forum permissions are changed then that branch of the hierarchy can simply be moved from the public location to the private one (inaccessible except via the PHP script).
With file-name "mangling", I think that it doesn't matter how they're stored on the server? For direct access you need the correct extension to serve up the content that way. Meanwhile for files stored in the private folder it shouldn't matter I don't think, since the request goes via the PHP script you only need to ensure the file has some kind of ID that can be used to look it up, such as the primary key used to store the file's info in the database. The file's name doesn't make it to the browser since the PHP script just dumps the file's content, after an appropriate HTTP header I think?
So file names should be safe to keep so long as the file's name is unique to the folder that it's stored within, though it probably couldn't hurt to shove the file's ID number in front for good measure.
With file-name "mangling", I think that it doesn't matter how they're stored on the server? For direct access you need the correct extension to serve up the content that way. Meanwhile for files stored in the private folder it shouldn't matter I don't think, since the request goes via the PHP script you only need to ensure the file has some kind of ID that can be used to look it up, such as the primary key used to store the file's info in the database. The file's name doesn't make it to the browser since the PHP script just dumps the file's content, after an appropriate HTTP header I think?
So file names should be safe to keep so long as the file's name is unique to the folder that it's stored within, though it probably couldn't hurt to shove the file's ID number in front for good measure.
Images in sigs! please.
Re: [Patch] Direct (php-less) attachment downloads
Jira uses .com credentials.haravikk wrote:Since I don't really want to sign up to the JIRA just to comment on the one issue
This sounds too fragile to me but you are welcome to try to argue otherwise.haravikk wrote: simply store the files in a hierarchy that matches the forum layout, so if the forum permissions are changed then that branch of the hierarchy can simply be moved from the public location to the private one (inaccessible except via the PHP script).