Setup:
Drupal 6.26
CKeditor-Module 6.x-1.11
Ckeditor 3.6.4
CKfinder 2.1
Hi,
my Drupal site uses private downloads and stores uploaded files outside of the drupal directory. I have to deal with the following situation:
When I upload a file to my site with the ckeditor, using the ckfinder file browser, a link gets generated to the file using the "/system/files/editor/files/" path.
When the "Enable access to files located in the private folder" checkbox in the Ckeditor Global Profile is not checked, no user can access this file. If I try to access the file, I receive a 404 message (please note that it's 404 - page not found - and not 403 - access not allowed!).
When I check "Enable access to files located in the private folder", the file is accessible. However, the file can be accessed by anyone who knows the link. You don't have to be logged in to access the file! This effectively nullifies the purpose of private downloads. Is this really "working as intended" or is something amiss here? Another thing I'm wondering about is why I receive a 404 instead of a 403 error when I try to access the file when "Enable access to files located in the private folder" is not checked.
Any help is highly appreciated.
Comments
Comment #1
mkesicki CreditAttribution: mkesicki commentedIn CKEditor global profile description to "Enable access to files located in the private folder" option is:
Everything works as described. Please use "Location of files uploaded with CKEditor in the private folder" option to set subdirectory into private directory. After setting this CKEditor will give access only to this subdirectory.