This a patch to Drupal core to implement public/private file handling. At this time it isn't entirely complete and needs plenty of bug fixing. This code will be rapidly maturing over the next couple of weeks and I'll be posting some testing documentation in a couple of days. A description of changes that implement this are below.
First, lots of changes in file.inc to cope with having two file paths. This involved changes to file_create_url and file_create_path to return correct paths and file_set_private for database manipulation and moving files around. There were also function changes to file_move and file_copy to support some of the things going on. The last big change was file_debug, which will presumably be removed but has made life easier for debugging. A list of changed funtions is below.
Changes in upload module are related to updating forms to have a public/private values for files and adding file_set_private to upload_save. A list of affected functions is below.
There have been mostly cosmetic changes in system.module. One new database column is added to the files table, a private path variable is added and private/public file preferences.
system.module / system.schema
I have added mostly a new file, private.php, to avoid a full drupal bootstrap when piping files through Drupal. For now this is mostly a skeleton but really only needs minimal code.
* JS uploads are broken (this doesn't appear to be from changes in this patch).
So for testing please turn JS off for the moment.
* Nodes can only have one file attached, a bug is dropping data from other files.
* When the private directory is created it isn't protected with a proper .htaccess file.
* The process of uploading and then setting a file to private is a bit hackish and could
use some refactoring.
* An update function needs to be created for the one schema change.