Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
The Drupal 7.20 security release introduced this change:
- return file_create_url($uri);
+ $file_url = file_create_url($uri);
+ // Append the query string with the token.
+ return $file_url . (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
This means the query string is effectively not available for hook_file_url_alter()
to be modified, i.e. it breaks file URL altering.
This breaks CDN module's Far Future expiration functionality.
Comment | File | Size | Author |
---|---|---|---|
7.21_correct_file_create_url_usage.patch | 776 bytes | Wim Leers | |
Comments
Comment #2
iamEAP CreditAttribution: iamEAP commentedComment #3
iamEAP CreditAttribution: iamEAP commented7.21_correct_file_create_url_usage.patch queued for re-testing.
Comment #5
jcisio CreditAttribution: jcisio commentedBy passing file_create_url() after having added the token, the symbol ? or & is encoded with drupal_encode_path():
Unless we were to change this logic, this issue is won't fix for D7. The ability to remove the itok querystring comes then at the template level :(
I don't know about CDN FF functionality and how it breaks or could not be fixed.
Comment #6
pjcdawkins CreditAttribution: pjcdawkins commentedYes, this looks hard. Maybe you could do something super hackish like:
Comment #7
jcisio CreditAttribution: jcisio commentedIt is even not hackish enough. Think about user with Clean URLs off ;)
Comment #7.0
jcisio CreditAttribution: jcisio commentedUpdated issue summary.