Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The Drupal 7.20 security release introduced this change:
- return file_create_url($uri);
+ $file_url = file_create_url($uri);
+ // Append the query string with the token.
+ return $file_url . (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
This means the query string is effectively not available for hook_file_url_alter()
to be modified, i.e. it breaks file URL altering.
This breaks CDN module's Far Future expiration functionality.
Comment | File | Size | Author |
---|---|---|---|
7.21_correct_file_create_url_usage.patch | 776 bytes | Wim Leers | |
Comments
Comment #2
iamEAP CreditAttribution: iamEAP commentedComment #3
iamEAP CreditAttribution: iamEAP commented7.21_correct_file_create_url_usage.patch queued for re-testing.
Comment #5
jcisio CreditAttribution: jcisio commentedBy passing file_create_url() after having added the token, the symbol ? or & is encoded with drupal_encode_path():
Unless we were to change this logic, this issue is won't fix for D7. The ability to remove the itok querystring comes then at the template level :(
I don't know about CDN FF functionality and how it breaks or could not be fixed.
Comment #6
pjcdawkins CreditAttribution: pjcdawkins commentedYes, this looks hard. Maybe you could do something super hackish like:
Comment #7
jcisio CreditAttribution: jcisio commentedIt is even not hackish enough. Think about user with Clean URLs off ;)
Comment #7.0
jcisio CreditAttribution: jcisio commentedUpdated issue summary.