rename existing folders when using pagefile secure

[jmartsch]

Folders for my pages with images and/or files where created before I added the pagefileSecure option to site/config.php. Now after adding it, I want that my files are secured, but the folders in site/assets/files still exist without the pagefileSecurePrefix. Shouldn't these be renamed automatically if pagefileSecure is active?
It would be a tedious task to rename all the folders by hand.

Server Details

Software	Version
ProcessWire	3.0.142
PHP	7.2.3
Webserver	Apache/2.4.27 (Win64) OpenSSL/1.0.2l
MySQL	5.7.19

Server Settings

Parameter	Value
allow_url_fopen	1
max_execution_time	36000 (changeable)
max_input_nesting_level	64
max_input_time	60
max_input_vars	1000
memory_limit	1024M
post_max_size	8M
upload_max_filesize	2G
xdebug
xdebug.max_nesting_level
mod_rewrite	1
mod_security	*confirmed off
EXIF Support
FreeType	1

GD Settings

Parameter	Value
Version	bundled (2.1.0 compatible)
GIF	1
JPG	1
PNG	1
WebP	1

Module Details

Module ClassName	Version
AdminOnSteroids	2.0.20
AdminRestrictBranch	1.0.8
AdminRestrictPageTree	1.0.0
BatchChildEditor	1.8.13
CopyDataSheet	1.0.4
ExportAllFieldsAsCSV	1.0.4
ExportView	1.0.0
FieldDescriptionsExtended	1.0.8
FieldtypeDecimal	1.0.3
FieldtypeFields	0.0.2
FieldtypeFieldsetGroup	0.0.4
FieldtypeRockMarkup2	0.0.1
FieldtypeRockTabulator	0.0.1
FieldtypeTable	0.1.9
FieldtypeTemplates	1.0.0
FieldtypeTextareas	0.0.8
GenerateExportDataFromTemplate	1.0.2
GenerateTableFromTemplate	1.0.6
InputfieldAceExtended	1.1.3
InputfieldChosenSelect	1.2.4
InputfieldChosenSelectMultiple	1.2.1
InputfieldDecimal	1.0.0
InputfieldRockMarkup2	0.0.1
InputfieldRockTabulator	0.0.1
InputfieldTable	0.1.9
InputfieldTextareas	0.0.7
LogMaintenance	0.0.1
ModuleReleaseNotes	0.10.8
ModuleSettingsImportExport	0.2.9
PageActionDatenblaetterSperren	1.0.0
PageActionDelete	0.0.2
PageActionExportCSV	0.0.4
PageActionExportDatenblaetter	1.0.1
PageActionExportJson	0.0.1
PageEditSoftLock	1.0.3
ProcessAdminActions	0.7.8
ProcessChildrenCsvExport	1.8.13
ProcessCustomUploadNames	1.2.7
ProcessDashboard	1.0.0
ProcessDatabaseBackups	0.0.5
ProcessPageEditSoftLock	1.0.1
ProcessPageListerPro	1.1.3
ProcessRockFinder	0.0.3
ProcessRockFinder2	0.0.1
ProcessRockMarkup2	0.0.1
ProcessRockTabulator	0.0.1
ProcessSetupPageName	2.1.3
ProcessTracyAdminer	1.0.6
ProcessWireUpgrade	0.0.7
ProcessWireUpgradeCheck	0.0.7
Raumdatenblatt	1.4.0
RockFinder	1.1.2
RockFinder2	0.0.2
RockMarkup2	0.0.4
RockMigrations	0.0.1
RockModuleCreator	0.0.1
RockPdf	1.0.1
RockTabulator	0.0.3
TracyDebugger	4.19.32
approvalProcess	1.0.0

[ryancramerdesign]

@jmartsch This is something that happens when any files/images field is accessed on the page. There's potential for there to be thousands or even millions of file directories on a site, so it's not something that can just be toggled and instantly change everything. It's potentially a major file system change that could take a lot of time if done at once. PW doesn't have any idea if a page is viewable until actually loading it and checking it. It's going to do that anytime you attempt to access a page, and it'll check that it's got the right type of directory anytime you attempt to access any kind of file on the page. So it will happen on its own naturally, but may take awhile. If you want, you can speed the process by letting a crawler loose on your site. Or if the quantity of pages in your site is small enough that it's practical to script it, you can try this, which will force it to check (and update) every file directory on your site:

foreach($pages->findMany('id>0, include=all') as $p) {
  PagefilesManager::_path($p);
}

[jmartsch]

Thanks for the quick reply @ryancramerdesign . The thing is, that I have no public facing website, as it is a admin only application. So there is no view of a page outside of the admin. Only ProcessPageEdit is used. I will try out the script you provided and report back how it went.

[jmartsch]

Running the script in Tracy Debugger was fast, but without result. The folders are still not prefixed and files in it are accessible for users not logged in.

[ryancramerdesign]

It won't matter if it's an admin-only application. What matters is the access control settings of the pages being edited. Even if there's no front-end view, the pages you want to prevent file access to would still have to be access controlled. You can do this in Setup > Templates > template, enable access control and uncheck the "guest" checkbox for view permission. Do this for all of your templates that represent pages you want protected. Or, if they all descending from some common parent page (other than Home) then you could just access control the template that represents that common parent.

[jmartsch]

Perfect. The guest setting was the missing link. That did it.