Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2011-03-24 19:28:49
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Offline
Re: TXP 4.4?
I’ve been watching this with interest too!
Can someone explain this to me?
Hotlink protection for files: Downloads from a web-accessible
"/files"directory are inhibited. The"/file_download/$id/example.foo"route is the only valid way to access downloadable files.
If I’m reading this right, attempting to download something from /files/filename.ext will throw an error, but what about the current behavior of the /file_download/$id/ path— will it continue to return the correct file even when the wrong filename is entered after $id/, or will it inhibit downloads that use wacko URLs?
One site owner contacted me last month citing an exorbitant ammount of downloads for a certain file. He was especially confused because the server logs showed downloads using hundreds of different URLs using different variations of the filename in the URL, but Textpattern was correctly returning the file based on the ID and correctly incrementing the download count accordingly. Would this change affect that behavior at all?
Offline
Re: TXP 4.4?
johnstephens wrote:
If I’m reading this right, attempting to download something from
/files/filename.extwill throw an error…
hope not. I’m currently using that for swfs and all other embedable non image media formats. Unless… will there be another folder for that content?
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: TXP 4.4?
This behaviour is controlled by an additional .htaccess file in /files.
If you do not want the additional protection and reliable download counts, you can revert to the previous behaviour by simply amending the instructions in there (or remove /files/.htaccess at all).
Offline
Re: TXP 4.4?
wet wrote:
This behaviour is controlled by an additional
.htaccessfile in/files.If you do not want the additional protection and reliable download counts, you can revert to the previous behaviour by simply amending the instructions in there (or removing
/files/.htaccessat all).
cool:) I was getting worried there:)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: TXP 4.4?
If I understand correctly, anyone upgrading to 4.4 will get this change by default, and you know where this leads: “my downloads doesn’t work anymore”.
I think many users uses direct file downloads (ie. they point their links directly to /files/filename.ext), and this hotlinking trick will break all this links. But please, correct me if I’m wrong or if I’m missing something obvious.
Personally, I’d make this change an opt-in change, by just commenting out the line/s in .htaccess, or by naming the file as .htaccess.sample. Some comments about what it does (particularly, the second RedirectMatch line) would be welcome by everyone, but especially by newbies or people not following this thread, too.
Offline
Re: TXP 4.4?
I agree with Julián. And no Julián, you didn’t misunderstood anything.
I would too either comment out the lines or suffix the .htaccess file with .dist or .sample. Where I see it, 4.x.x updates shouldn’t needlessly break existing behavior (which we have used as a feature). Updates should be robust and easy. That is one of the great aspects of TXP; updating is awesome, fast and easy. No interaction required.
Also I’m slightly wondering about the .htaccess file. Those that want to protect their files from hotlinking should probably just move files directory outside the public web root, and instead of offering .htaccess file, TXP could offer documentation on how to do that. For example by updating the related preference’s pop-help article.
Personally, I have almost always linked directly to the files. The interface has always been used for uploading, but not really for counting as it doesn’t offer stats and graphs. I’ve used direct linking basically for saving server resources. Counts can be checked from server logs and client-side click tracking helps to filter out bots.
Last edited by Gocom (2011-03-25 20:28:04)
Offline
#8 2011-03-25 20:59:42
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: TXP 4.4?
Everyone seems to be looking at r3484 — which is, indeed, an interesting change — but not the one I was originally looking at. Perhaps I just missed that 4.4 was going to be the next release, which was my only motivation for starting the thread.
— Steve
Offline
#9 2011-03-25 21:27:07
- els
- Moderator
- From: The Netherlands
- Registered: 2004-06-06
- Posts: 7,458
Re: TXP 4.4?
maniqui wrote:
anyone upgrading to 4.4 will get this change by default,
Do you replace your ‘files’ directory when upgrading? ;)
Offline
Re: TXP 4.4?
I thought next release will have number “5”.
Providing help in hacking ATM! Come to courses and don’t forget to bring us notebook and hammer! What for notebook? What a kind of hacker you are without notebok?
Offline
Re: TXP 4.4?
Els wrote:
Do you replace your ‘files’ directory when upgrading? ;)
Well, good point, Els.
As it’s safe to drop one folder (the one coming from the new textpattern-x.y.z) into other (the already existing one) without risking to replace anything, some people upgrading my end up with this new .htaccess in place. Also, the upgrade sometimes goes the other way: people do a new, fresh, clean install, and then moves the DB and the images/files over the new install, so they may end up with the new .htaccess in place.
Offline
Offline