[TYPO3-dev] secure downloads - css_styled_content

Georg Schönweger georg.schoenweger at gmail.com
Wed Jul 6 11:57:27 CEST 2011 

.. damn, i mixed up "Uploads" CE with "Media" CE. Sry ... of course i'm
talking about "Uploads" (File Links) content element!

Am 06.07.2011 10:58, schrieb Mathias Schreiber [wmdb]:
>
> For your options:
> a) Line 293 makes use of filePath
> I remember stumbling upon this because you could not "clear" filePath
> or $path and I needed this for FAL.
using "filePath" is ok; in this case the files aren't copied at all, but
instead linked directly to the location in fileadmin and i can deny
access to this folders by using .htaccess files. Anyway i would like to
use the "media" field because it is easier for editors to select the
files typo3-way from filelist than just entering a path to a folder.
>
> b) Unless you're really messing with TCA I don't see why line 299+
> should not work.
>
> So if I get you right you cannot set a different uploadfolder in TCA?
> If so, why not?
Exactly, the TCA modifications for tt_content which i make in my
extension (ext_tables.php) are not available in css_styled_content, i
think because css_styled_content is loaded BEFORE my extension (changing
extension loading order in typo3conf/localconf.php did not change
anything). Or even my TCA modifications aren't loaded at all in FE
(don't know exactly how Typo3 handles TCA definitions in FE). Anyway, in
BE i can see the TCA modifications so my extension should be ok.

To summarize again;
I don't want to .htaccess protect (deny from all) "uploads/media/"
(which is the uploadfolder for all CE's - including "File Links")
because i think this can have bad side-effects (?)
In my extension i created a new field "my_field" which i add to
tt_content (TCA and SQL). "my_field" is the substitution for the
original "media" field used by "File Links" content element. This way i
can define an uploadfolder for "my_field" which is ONLY for "File Links"
content element. I can deny access now to this uploadfolder by using
.htaccess without any side effects...

>
> We will figure this one out :)
>
> cheers
> mathias
>
thanks,
Georg

More information about the TYPO3-dev mailing list