Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Hi,
IMCE doesn't seem to check whether or not the drupal installation is using a private filesystem and so returns the wrong file path when files are private. Highlighting in the browser window also doesn't work.
i.e. it's returning /drupal/files/u2/image.jpg when it should be returning /drupal/system/files/u2/image.jpg
I made a change to my imce.module file, in the function imce_browse, adding a $privatepath variable that gets set to 'system/' if the system is using a private file system and remaining as '' if the filesystem is public. $privatepath is appended in the add call to imceFinitor and in the ipath (used by the browser).
I'm not sure if this is good formatting or not, but it allows me to use imce with my private filesystem. Do you see anything wrong with this?
function imce_browse, around line 69
$basepath = base_path();
$privatepath = '';
switch (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC)) {
case FILE_DOWNLOADS_PRIVATE:
$privatepath = 'system/';
}
//file list
$files = imce_scan_directory($dir);
foreach ($files['list'] as $path=>$file) {
$rows[] = array(
'data' => array(
array('data' => $file['f'], 'class' => 'filename'),
array('data' => format_size($file['s']), 'class' => 'size'),
array('data' => $file['w'].'x'.$file['h'], 'class' => 'dimensions'),
array('data' => date('Y-m-d', $file['d']), 'class' => 'date', 'timestamp
' => $file['d'], 'title' => date('H:i:s', $file['d'])),
array('data' => ($delete ? l(t('delete'), 'imce/delete', array('onclick'
=> 'return confirm(\''.t('Delete?').'\')'), 'delpath='.$path).' - ' : ''). '<a
href="javascript: imceFinitor(\''. $basepath. $privatepath . $path.'\', '.$file[
'w'].', '.$file['h'].')">'. t('add').'</a>', 'class' => 'operations'),
),
'ipath' => $basepath. $privatepath . $path,
'iw' => $file['w'],
'ih' => $file['h']
);
}
In my case I'm using an organic groups implementation, and I imagine this still would allow people from different groups to view images of groups they didn't have privileges to, but I think checking access rights for each image could get really intensive.
Patrick
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | imce.module.patch.txt | 3.63 KB | ufku |
Comments
Comment #1
ufku CreditAttribution: ufku commentedthank you for posting this issue.
attached is a patch for supporting private downloads.
note: your code wont work for clean URLs disabled and for a file directory path other than "files"
Comment #2
pcdonohue CreditAttribution: pcdonohue commentedHi,
this works for me. The code looks ok to me.
thanks!
Patrick
Comment #3
ufku CreditAttribution: ufku commentedcommited.
Comment #4
(not verified) CreditAttribution: commented