Even if you mark a file as non-downloadable, it is still downloadable three ways:
1. Right-clicking the flash player
2. Through the RSS feed
3. By manually traversing the audio directory (audio/download/1, audio/download/2, etc.)

Fix:
1. Get the non-downloadable, older version of the flash player here: http://sourceforge.net/forum/forum.php?thread_id=1247029&forum_id=436377, or edit the source code if you have Flash; and
2. Change the following parts of the audio module:
```php
function audio_nodeapi(&$node, $op, $arg) {
  global $base_url;
  switch ($op) {
    case 'rss item':
      // NOTE: RSS only allows one enclosure per item
      if ($node->type == 'audio' && $node->audio['fid']) {
        $node->teaser = db_result(db_query("SELECT body FROM {node} WHERE nid=%d", $node->nid));
        $file = db_fetch_object(db_query("SELECT * FROM {files} WHERE nid=%d", $node->nid));
        return array(array('key' => 'enclosure',
                           'attributes' => array('url' => file_create_url(variable_get('audio_default_path', 'audio')."/". rawurlencode($file->filename)),
                                                 'length' => $file->filesize,
                                                 'type' => $file->filemime)));
      }
      break;
  }
}
```
to
```php
function audio_nodeapi(&$node, $op, $arg) {
  global $base_url;
  switch ($op) {
    case 'rss item':
      // NOTE: RSS only allows one enclosure per item
      // Only emit an enclosure when the file is marked downloadable.
      if ($node->type == 'audio' && $node->audio['fid'] && _is_downloadable($node->audio['fid'])) {
        $node->teaser = db_result(db_query("SELECT body FROM {node} WHERE nid=%d", $node->nid));
        $file = db_fetch_object(db_query("SELECT * FROM {files} WHERE nid=%d", $node->nid));
        // Link to the access-checked audio/download path, not the raw file.
        // url, length and type all belong inside the enclosure's attributes.
        return array(array('key' => 'enclosure',
                           'attributes' => array('url' => url('audio/download/'.$node->nid, null, null, true),
                                                 'length' => $file->filesize,
                                                 'type' => $file->filemime)));
      }
      break;
  }
}
```
AND
```php
function audio_fetch($nid = false) {
  _audio_download($nid, true);
}
```
to
```php
function audio_fetch($nid = false) {
  $node = node_load(array('nid' => $nid));
  // Refuse direct audio/download/<nid> requests for non-downloadable files.
  if (_is_downloadable($node->audio['fid'])) {
    _audio_download($nid, true);
  }
  else {
    drupal_goto('audio');
  }
}
```
or something like that. Will prevent enclosure from appearing in RSS for non-downloadable items and prevent traversing the directory. There's probably a better way.
And you can throw in a "deny from all" .htaccess file into files/audio.
Seems to work.
| Comment | File | Size | Author |
|---|---|---|---|
| #12 | audio.module_35885.patch | 3.78 KB | drewish |
| #8 | button_player-0.1.zip | 34.82 KB | zirafa |
| #5 | mp3.swf | 5.87 KB | zirafa |
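
A regression check for the RSS part of the fix described above, as an added example that is not part of the original post or of the audio module. It flags feed items that still expose an enclosure for a non-downloadable node, or whose enclosure links the file directly instead of going through audio/download/<nid>. The sample feed is constructed, `audit_feed` is a hypothetical name, and it assumes each item's `<link>` ends in node/<nid>.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (not from the original post). Node 2 is marked
# non-downloadable but still carries an enclosure; node 3 links the raw file.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>audio</title>
<item><title>one</title><link>http://example.com/node/1</link>
 <enclosure url="http://example.com/audio/download/1" length="10" type="audio/mpeg"/></item>
<item><title>two</title><link>http://example.com/node/2</link>
 <enclosure url="http://example.com/audio/download/2" length="10" type="audio/mpeg"/></item>
<item><title>three</title><link>http://example.com/node/3</link>
 <enclosure url="http://example.com/files/audio/three.mp3" length="10" type="audio/mpeg"/></item>
<item><title>four</title><link>http://example.com/node/4</link></item>
</channel></rss>"""

# Assumption: item links end in node/<nid>; gated downloads use audio/download/<nid>.
NID_RE = re.compile(r"/node/(\d+)/?$")
GATED_RE = re.compile(r"/audio/download/(\d+)/?$")


def audit_feed(feed_xml, non_downloadable):
    """Return (nid, problem) tuples for enclosures that defeat the flag."""
    findings = []
    for item in ET.fromstring(feed_xml).iter("item"):
        match = NID_RE.search(item.findtext("link", default=""))
        enclosure = item.find("enclosure")
        if match is None or enclosure is None:
            continue  # no node id or no enclosure: nothing exposed here
        nid = int(match.group(1))
        gated = GATED_RE.search(enclosure.get("url", ""))
        if nid in non_downloadable:
            findings.append((nid, "enclosure on non-downloadable item"))
        elif gated is None:
            # Direct file URLs skip the audio/download check entirely.
            findings.append((nid, "enclosure bypasses audio/download"))
        elif int(gated.group(1)) != nid:
            findings.append((nid, "enclosure points at another node"))
    return findings


if __name__ == "__main__":
    for nid, problem in audit_feed(SAMPLE_FEED, {2, 4}):
        print(f"node {nid}: {problem}")
```
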
Comments
Comment #1
Colin Brumelle commented
Good ideas. I will fix this.
Comment #2
zirafa commented
It seems like it will be confusing if there is an empty enclosure in the feed, though.
Comment #3
Colin Brumelle commented
I think there would just be no enclosure at all for items that are not marked for download. But I think the items should still appear in the RSS feed, since this might help drive traffic to the site.
Comment #4
zirafa commented
Understandably. But what happens if the audio feed is treated as a podcast? We could assume that if it is treated as a podcast then there shouldn't be an option for "no-downloads" to ensure an enclosure for each feed item. Here's an idea: there could be an audio/feed for the general RSS feed, and an audio/podcast which spits out a feed that ensures there are file enclosures for each feed item. In other words, the podcast would be ensured to not have empty enclosures, which would break the podcast. So, in general:
1) audio/feed spits out an RSS feed of every single audio item, downloadable or not
2) audio/podcast spits out an RSS feed of only downloadable audio, ensuring there is an enclosure for each item (because otherwise the podcast feed will break)
Hope that makes sense.
-Farsheed
Comment #5
zirafa commented
This is in reference to #2. I edited the flashplayer so that it would not allow right click downloads. Don't really see why we need that feature anyway since there is a download link provided.
Farsheed
Comment #6
zirafa commented
Sorry, I meant this was a fix for #1, "right clicking on the flash player allows downloads".
Comment #7
drewish commented
zirafa, that looks good. can you post the source file as well? the original is licensed under the GPL so if we're going to distribute modifications we'll need to publish the source.
Comment #8
zirafa commented
Sure, here is the entire zip package of the files. I only commented out 3 lines in button\com\zuardi\musicplayer\Musicbutton.as.
musicplayerbtn.fla is the actual file that compiles everything.
Comment #9
drewish commented
silly me, i just checked and it's BSD license so we don't have to distribute the source, just have to preserve their license text. i still think it'd be a good idea to include the source though.
Comment #10
drewish commented
I swapped your binary into my sandbox version (that'll end up on HEAD eventually). If there's no objections I'll commit this to the 4.6 branch... Colin?
Comment #11
drewish commented
zirafa's player has been committed as part of http://drupal.org/node/39664#comment-80014
Comment #12
drewish commented
Here's a patch that makes some improvements to securing downloads in HEAD.
Comment #13
drewish commented
I've committed the patch in comment #12, I think it takes care of some of the more obvious problems.
Comment #14
drewish commented
I've got to make one small change to the RSS item and then I think we've fixed the fix-able on this issue in HEAD. If people want to address it in 4.6 feel free to re-open this issue.