Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rename existing folders when using pagefile secure #1006

Closed
jmartsch opened this issue Oct 21, 2019 · 5 comments
Closed

rename existing folders when using pagefile secure #1006

jmartsch opened this issue Oct 21, 2019 · 5 comments

Comments

@jmartsch
Copy link

@jmartsch jmartsch commented Oct 21, 2019

Folders for my pages with images and/or files where created before I added the pagefileSecure option to site/config.php. Now after adding it, I want that my files are secured, but the folders in site/assets/files still exist without the pagefileSecurePrefix. Shouldn't these be renamed automatically if pagefileSecure is active?
It would be a tedious task to rename all the folders by hand.

Server Details

Software Version
ProcessWire 3.0.142
PHP 7.2.3
Webserver Apache/2.4.27 (Win64) OpenSSL/1.0.2l
MySQL 5.7.19
Server Settings
Parameter Value
allow_url_fopen 1
max_execution_time 36000 (changeable)
max_input_nesting_level 64
max_input_time 60
max_input_vars 1000
memory_limit 1024M
post_max_size 8M
upload_max_filesize 2G
xdebug
xdebug.max_nesting_level
mod_rewrite 1
mod_security *confirmed off
EXIF Support
FreeType 1
GD Settings
Parameter Value
Version bundled (2.1.0 compatible)
GIF 1
JPG 1
PNG 1
WebP 1
Module Details
Module ClassName Version
AdminOnSteroids 2.0.20
AdminRestrictBranch 1.0.8
AdminRestrictPageTree 1.0.0
BatchChildEditor 1.8.13
CopyDataSheet 1.0.4
ExportAllFieldsAsCSV 1.0.4
ExportView 1.0.0
FieldDescriptionsExtended 1.0.8
FieldtypeDecimal 1.0.3
FieldtypeFields 0.0.2
FieldtypeFieldsetGroup 0.0.4
FieldtypeRockMarkup2 0.0.1
FieldtypeRockTabulator 0.0.1
FieldtypeTable 0.1.9
FieldtypeTemplates 1.0.0
FieldtypeTextareas 0.0.8
GenerateExportDataFromTemplate 1.0.2
GenerateTableFromTemplate 1.0.6
InputfieldAceExtended 1.1.3
InputfieldChosenSelect 1.2.4
InputfieldChosenSelectMultiple 1.2.1
InputfieldDecimal 1.0.0
InputfieldRockMarkup2 0.0.1
InputfieldRockTabulator 0.0.1
InputfieldTable 0.1.9
InputfieldTextareas 0.0.7
LogMaintenance 0.0.1
ModuleReleaseNotes 0.10.8
ModuleSettingsImportExport 0.2.9
PageActionDatenblaetterSperren 1.0.0
PageActionDelete 0.0.2
PageActionExportCSV 0.0.4
PageActionExportDatenblaetter 1.0.1
PageActionExportJson 0.0.1
PageEditSoftLock 1.0.3
ProcessAdminActions 0.7.8
ProcessChildrenCsvExport 1.8.13
ProcessCustomUploadNames 1.2.7
ProcessDashboard 1.0.0
ProcessDatabaseBackups 0.0.5
ProcessPageEditSoftLock 1.0.1
ProcessPageListerPro 1.1.3
ProcessRockFinder 0.0.3
ProcessRockFinder2 0.0.1
ProcessRockMarkup2 0.0.1
ProcessRockTabulator 0.0.1
ProcessSetupPageName 2.1.3
ProcessTracyAdminer 1.0.6
ProcessWireUpgrade 0.0.7
ProcessWireUpgradeCheck 0.0.7
Raumdatenblatt 1.4.0
RockFinder 1.1.2
RockFinder2 0.0.2
RockMarkup2 0.0.4
RockMigrations 0.0.1
RockModuleCreator 0.0.1
RockPdf 1.0.1
RockTabulator 0.0.3
TracyDebugger 4.19.32
approvalProcess 1.0.0
@ryancramerdesign

This comment has been minimized.

Copy link
Contributor

@ryancramerdesign ryancramerdesign commented Oct 21, 2019

@jmartsch This is something that happens when any files/images field is accessed on the page. There's potential for there to be thousands or even millions of file directories on a site, so it's not something that can just be toggled and instantly change everything. It's potentially a major file system change that could take a lot of time if done at once. PW doesn't have any idea if a page is viewable until actually loading it and checking it. It's going to do that anytime you attempt to access a page, and it'll check that it's got the right type of directory anytime you attempt to access any kind of file on the page. So it will happen on its own naturally, but may take awhile. If you want, you can speed the process by letting a crawler loose on your site. Or if the quantity of pages in your site is small enough that it's practical to script it, you can try this, which will force it to check (and update) every file directory on your site:

foreach($pages->findMany('id>0, include=all') as $p) {
  PagefilesManager::_path($p);
}
@jmartsch

This comment has been minimized.

Copy link
Author

@jmartsch jmartsch commented Oct 21, 2019

Thanks for the quick reply @ryancramerdesign . The thing is, that I have no public facing website, as it is a admin only application. So there is no view of a page outside of the admin. Only ProcessPageEdit is used. I will try out the script you provided and report back how it went.

@jmartsch

This comment has been minimized.

Copy link
Author

@jmartsch jmartsch commented Oct 21, 2019

Running the script in Tracy Debugger was fast, but without result. The folders are still not prefixed and files in it are accessible for users not logged in.

@ryancramerdesign

This comment has been minimized.

Copy link
Contributor

@ryancramerdesign ryancramerdesign commented Oct 21, 2019

It won't matter if it's an admin-only application. What matters is the access control settings of the pages being edited. Even if there's no front-end view, the pages you want to prevent file access to would still have to be access controlled. You can do this in Setup > Templates > template, enable access control and uncheck the "guest" checkbox for view permission. Do this for all of your templates that represent pages you want protected. Or, if they all descending from some common parent page (other than Home) then you could just access control the template that represents that common parent.

@jmartsch

This comment has been minimized.

Copy link
Author

@jmartsch jmartsch commented Oct 21, 2019

Perfect. The guest setting was the missing link. That did it.

@jmartsch jmartsch closed this Oct 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.