[TYPO3-dev] secure downloads - css_styled_content

Mathias Schreiber [wmdb] mathias.schreiber at wmdb.de
Wed Jul 6 14:49:48 CEST 2011


On 06.07.11 11:57, Georg Schönweger wrote:
> .. damn, I mixed up "Uploads" CE with "Media" CE. Sorry ... of course I'm
> talking about "Uploads" (File Links) content element!

No problem, I didn't think of media and took uploads for granted, so all 
good :)

>> b) Unless you're really messing with TCA I don't see why line 299+
>> should not work.
> Exactly, the TCA modifications for tt_content which I make in my
> extension (ext_tables.php) are not available in css_styled_content, I
> think because css_styled_content is loaded BEFORE my extension (changing
> extension loading order in typo3conf/localconf.php did not change
> anything). Or even my TCA modifications aren't loaded at all in FE
> (don't know exactly how TYPO3 handles TCA definitions in FE). Anyway, in
> BE I can see the TCA modifications so my extension should be ok.

Do you have your extension (or access to the install) at hand?
I have an idea what might be going wrong, but it is too complex to describe.

> To summarize again:
> I don't want to .htaccess protect (deny from all) "uploads/media/"
> (which is the uploadfolder for all CEs - including "File Links")
> because I think this can have bad side-effects (?)
> In my extension I created a new field "my_field" which I add to
> tt_content (TCA and SQL). "my_field" is the substitution for the
> original "media" field used by "File Links" content element. This way I
> can define an uploadfolder for "my_field" which is ONLY for "File Links"
> content element. I can deny access now to this uploadfolder by using
> .htaccess without any side effects...

Good idea and I will dig into this.
Strange thing is that normally when CSC is instantiated the whole TCA 
(incl. your stuff) should be there.

If for some reason it is not, we will tackle the bug down and slap the 
right person :)

cheers
Mathias

-- 
Ernesto, Nov. 9th 2010:
"In the graphics generation routines of TYPO3 *anything* could cause a
side effect."



