See attached image for visual.

I noticed this and don't think its a bug, but not sure it's a good idea to show the actual path to the file, in perticular when in private file transfer. as it shows the actual path. While users cannot access this path directly. it does show the username on my host in the path.

CommentFileSizeAuthor
#12 audio_108662.patch960 bytesdrewish
#5 audio.module_hide_full_paths.patch1.17 KBdrewish
audiofileinfo.png14.02 KBvm

Comments

drewish’s picture

drewish commented
Title: path shows too deep when using private files transfer » Hide full file path with using private files
Component: audio_getid3 » Code
Category: support » feature

personally, i'm not too worried about it. the only people who can see it are people with create audio permissions. if lots of people think this is a problem we can limit it down.

vm’s picture

vm commented

ok. thanks for taking a look. The site i am working on developing for muscians will consist of each authenticated user having the ability to upload audio.

the password to my server is random, maybe ill set up a script to randomize it daily and email it to me to avoid paranoia : )

mediafrenzy’s picture

mediafrenzy commented

Yes I've been meaning to submit an issue regarding this as well.

I have perhaps 2500 users with audio write permissions, and would rather they could not see the private path.

mediafrenzy’s picture

mediafrenzy commented

Can anyone tell me how to stop that full private server path from being displayed when users are editing/previewing audio nodes? I would really like to remove that...

drewish’s picture

drewish commented
Version: 4.7.x-1.x-dev » 5.x-1.x-dev
Status: Active » Needs review
StatusFileSize
new audio.module_hide_full_paths.patch1.17 KB

here's a patch for 5 to do this. feedback would be appreciated.

vm’s picture

vm commented

I just tested this on 5.x-0.2 there was no change. Still having issues with album art showing while using private method as well.

drewish’s picture

drewish commented

yeah, this doesn't address the album art, that's a separate issue. what's your system file path?

vm’s picture

vm commented

private folder is one level up from public root

home/username/private folder

path that shows when an audio node is edited is /home/username/files_demo/audio/

which is same as it was before the patch. This is an entirely new upload as well. can be seen on my sandbox demo.verymisunderstood.com/drupal5

vm’s picture

vm commented

i've assigned anon user role all available permissions for any possible testing.

mediafrenzy’s picture

mediafrenzy commented

Hey guys, good to see some activity on this - Is it at all possible that the above patch could be ported to 4.7?

vm’s picture

vm commented

right now the patch doesn't work as expected. So backporting it at this stage isn't going to make much sense : )

drewish’s picture

drewish commented
Title: Hide full file path with using private files » Hide audio file's full path from users lacking 'administer audio' permission.
StatusFileSize
new audio_108662.patch960 bytes

The attached patch will hide the directory info from non-admins. I think it's a nice compromise. I'm committing it to DRUPAL-5 and HEAD.

drewish’s picture

drewish commented
Status: Needs review » Fixed
Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)