The pathed files module allows permissioned users to manage miscellaneous files that can be accessible from any path in the website.

Use case

You need to add a file to your site root named verify.xml for search engine ownership verification.

Normally you would have to take the file and place it into your Drupal core root. Then version control the file by adding code to your Drupal core repository, which is not ideal.

Pathed files allows you to instead create and maintain the file from within Drupal, instead of cluttering up your core code base. This is especially helpful when there are other people that provide these various static files to you, as they can now upload and maintain the files themselves.

Similar projects?

The most similar project I could figure is robotstxt module. However, pathed files is more general than robotstxt.

Links

Comments

jiong_ye’s picture

jiong_ye commented

Interesting module.
all i can find:

  1. Implement hook_uninstall to remove table created by your module.
jiong_ye’s picture

jiong_ye commented
Status: Needs review » Needs work

forgot to update status

krisahil’s picture

krisahil commented
Status: Needs work » Needs review

Thanks, dexxaye. Actually, there is no need for hook_install/hook_uninstall in D7 if using hook_schema:
https://api.drupal.org/api/drupal/modules!system!system.api.php/function...
https://drupal.org/node/224333#install-schema

PA robot’s picture

PA robot commented

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

pandaski’s picture

pandaski commented
Status: Needs review » Reviewed & tested by the community

pareview.sh ventral.org
http://ventral.org/pareview/httpgitdrupalorgsandboxkrisahil2033215git
No issues report, nice work.

manual review:
I found no major coding standard violations, the module is working as expected (at least as expected by me)

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
commented
Assigned: Unassigned » klausi

I'll look at this now in the Project applications sprint

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
commented
Assigned: klausi » Unassigned
Status: Reviewed & tested by the community » Needs work
Issue tags: +PAreview: security

Sorry for the delay, but you have not listed any reviews of other project applications in your issue summary as strongly recommended in the application documentation.

Review of the 7.x-1.x branch:

  • DrupalPractice has found some issues with your code, but could be false positives.
    
FILE: /home/klausi/pareview_temp/pathed_files.admin.inc
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
 324 | WARNING | Unused variable $num_deleted.
--------------------------------------------------------------------------------

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

Manual review:

  1. _pathed_files_get_entry(): Do not use db_select() for simple static queries, use db_query() instead. See http://drupal.org/node/310075
  2. _pathed_files_set_file_headers(): I think you should use text/plain as fallback, too, if there is no extension or whatever.
  3. pathed_files_admin_list(): this is vulnerable to XSS exploits. If I enter a file description as <script>alert('XSS');</script> then I'll get a nasty javascript popup on the listing page. You need to sanitize user provided text before printing. Please read https://drupal.org/node/28984 again.
krisahil’s picture

krisahil commented
Status: Needs work » Needs review

Thank you, @klausi, for the review. I committed these changes (see http://drupalcode.org/sandbox/krisahil/2033215.git/commitdiff/778374c588... ).

kscheirer’s picture

kscheirer
Primary language English
Location Vallejo
commented
Status: Needs review » Reviewed & tested by the community
  • In pathed_files_admin_edit_submit() I think you can use db_merge() instead of separate insert/update calls.
  • What happens if the user enters an existing file path, does this module let me overwrite any txt/xml file in the docroot? I guess I can't think of any major security problems with that, but it does seem odd.

However, pathed files is more general than robotstxt.

Could you provide more information about how they're different?

Otherwise this looks pretty good.

----
Top Shelf Modules - Crafted, Curated, Contributed.

krisahil’s picture

krisahil commented

Thank you, @kscheirer.

I used db_merge() and added a validation check to ensure pathed_files item does not conflict with real file:
http://drupalcode.org/sandbox/krisahil/2033215.git/blobdiff/778374c588fc...

Re: how pathed_files differs from robotstxt: robotstxt lets editors define what is returned when $base_url/robots.txt is requested, but pathed_files module allows editors to define arbitrary paths and add content that will be served when those paths are requested.

A good use case is a multi-site Drupal instance where editors need to upload XML files for search engine verification. Using pathed_files, they define the path to that file (and manually enter the file's contents or upload a file to be served when that path is requested). This allows each domain to serve a different version of a file at path /my-file.xml. Also, if that site uses VC, developers do not have to commit/ignore these files.

kscheirer’s picture

kscheirer
Primary language English
Location Vallejo
commented
Status: Reviewed & tested by the community » Fixed

It's been a month without any problems reported, so I'm promoting this myself as per https://drupal.org/node/1125818.

Thanks for your contribution, krisahil!

I updated your account to let you promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and get involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

----
Top Shelf Modules - Crafted, Curated, Contributed.

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

(not verified) commented
Issue summary: View changes

Removed some italicized text.