images stored in private file system not displayed
aaron - February 20, 2007 - 16:18
| Project: | ImageField |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
if the file system settings are set to private, then imagefield doesn't display the image properly, instead showing a link to /system/files/...
#1
Can you please provide some more info?
Is the image uploaded to the server?
Do have you enabled view uploaded files on the access page?
Are you using imagecache or just imagefield? (imagecache requires public files)
is the file uploaded to the server?
Can you throw a dog a bone instead of just saying, "Hey I have private files, this doesn't work!"
#2
since aaron does not reply and I have probably the same issue I'm trying to reply though there are some problems, first I'm not web dev, second I've little experience with drupal and third I don't remember my setup very well because last time I tried all this stuff I got too frustrated from being incapable that I let everything down a couple of weeks to build up new motivation
definitely yes
don't understand question
what is imagecache?
is there a difference between this question and 'Is the image uploaded to the server?'?
you can see the issue in action here:
http://www.planetdvb.net/node/279
first Firefox and IE didn't show the image, then I reuploaded the image using another filename and now only Firefox shows it, reshreshing with F5 in both browsers don't change the situation. The reason that it did not show first in Firefox might be because the image was previously uploaded using the image module, I don't know
I hope my feedback isn't too poor, maybe I should just set the file system to public but I'm absolutely clueless about possible disadvantages of a public file system.
#3
I just ran into the same problem, but I can give more thorough answers.
Here is what happens:
Private download is turned on. When you are logged in, and you preview the node that has an imagefield, the image displays properly. The src of the image is something like "/files/logos/allstar.gif".
If you log out, and look at the same node, the image no longer displays because the src is now "/system/files/logos/allstar.gif".
To answer your questions:
1. Yes, the image is uploaded to the server.
2. No, I do not have view uploaded files enabled on the access page. In fact, I do not even have the Upload module enabled.
3. No, I am not using imagecache.
4. Same as 1?
Based on your questions, and my answers I am assuming this is happening because I do not have the Upload module enabled and therefore an anonymous user cannot see the files. This appears to only happen when you have the conjunction of Private download without Upload. I would suggest either adding Upload to the dependencies for imagefield, or somehow triggering a warning if this module is enabled while the download method is private and upload is not enabled.
I hope that clears things up.
#4
RoloDMonkey, thanks for your explanation. I'd like to close this issue as duplicate, but my proposed patch just applies to filefield (even if would be exactly the same for imagefield), so it's not really a duplicate.
I decided not to roll a patch for imagefield and instead depend on the same function in filefield, removing the need for a fix in imagefield. But that requires my other patch that makes imagefield dependent on filefield, which in turn requires a few other patch dependencies. So maybe you'd be better off with having the filefield patch mentioned above ported to imagefield, that should do the trick.
#5
Hi, I am a programmer, but am new to Drupal, and I don't do web development. However in just 3 weeks I believe I have learnt enough about Drupal to offer some more information on this.
I believe that imagefield is very much related to filefield. I recently suggested a fix to filefield that had to do with viewing uploads and permissions. You'll have to check it out yourself, as I don't have the link handy (following dopry's my proposed patch link above will get you there) :)
Firstly, I must point out, 2 great modules here for CCK, exactly what I and others have needed. dopry has done some fantastic work here, respect due!
Now, I have noticed some similarities with both the filefield module and this imagefield module (I will be focusing on the latter for this post). Firstly (and this is probably due to migration from d4.7 to 5) neither module is implementing the permissions system correctly. This is causing those 'file/image not displaying properly' errors when the file is uploaded but not displaying for certain roles. Both modules want to 'piggy-back' the upload module permissions.
This is fine as long as you have this module, but what if you haven't? Well, some effort has been made to make them safe, but not to make the modules work properly. in filefield it was as easy as including a hook for the function hook_perm(), so that if the upload module wasn't present it set the permissions itself.
In this module it should be a little more complicated, I see a situation where we will want to set the visibility of images different to the visibility of uploads. Therefor I suggest adding 1 single new permission and changing the _file_download hook slightly.
Firstly adjust the imagefield_file_download function, slightly (starts on line 670). We're gonna get rid of the check for upload.module function as we want this routine specifically for image file download requests. Also we move the user_access check to the beginning of the routine, so that extra processing is not done on every file_download call that isn't applicable. finally we change the permission checked for to 'view uploaded images', this gives imagefield a separate permission. So in total change the function to this:
function imagefield_file_download($file) {if (user_access('view uploaded images')) {
$file = file_create_path($file);
$result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
if ($file = db_fetch_object($result)) {
$node = node_load($file->nid);
if (node_access('view', $node)) {
$name = mime_header_encode($file->filename);
$type = mime_header_encode($file->filemime);
// Serve images and text inline for the browser to display rather than download.
$disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
return array(
'Content-Type: '. $type .'; name='. $name,
'Content-Length: '. $file->filesize,
'Content-Disposition: '. $disposition .'; filename='. $name,
'Cache-Control: private'
);
}
else {
return -1;
}
}
} else {
return -1;
}
}
and also, add this routine to imagefield.module, this sets the new permission mentioned earlier:
/*** Hook of hook_perm
*/
function imagefield_perm() { return array('view uploaded images'); }
This is much cleaner implementation (IMHO) of imagefield, as it allows it to work standalone, with its only required module being cck. upload module isn't needed anymore, and neither is filefield (I've just seen the posts on imagefield-depends-on-fielfield).
But anyway, just trying to help, don't want to sullly other peoples work in getting the modules to work with each other. Just hope my input might help somewhere...
#6
dopry has just committed a fix quite similar to the one that ZuluWarrior has suggested (to the DRUPAL-5--2 branch), you can look it up in the duplicate issue #149026
. That is, I believe it's a duplicate. If things still don't work with this development version, please file a new issue with sufficiently detailed info. For now, I'm closing this issue as "fixed".#7