[TYPO3-dev] secure downloads - css_styled_content > Ernesto, please comment <

[Georg Schönweger]

> We took a look at it and to be honest I have bad news.
> Basically what you see is correct.
> TSFE invokes "getCompressedTCarray" to save up RAM (which I will
> investigate since the code does not make ANY sense).
> This compressed TCA does not have the columns section, thus
> t3lib_div::loadTCA (as CSC invokes) tries to load that info from the
> crtl section that is has (which is
> typo3/sysext/cms/tbl_tt_content.php) without ANY extended columns.
>
> So basically you can only "extend" to fields that come with TYPO3 by
> default.
>
> Some things to consider:
> a) remove that code from CSC since it does not really make too much sense
> b) get t3lib_div::loadTCA to load ALL TCA, not just the stuff prior to
> extending tables.

IMO sr_feuser_register had the same problem. They solved this by using
following line of code;
tx_div2007_alpha::loadTcaAdditions_fh001($GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$extKey]['extendingTCA']);
(see
http://typo3.org/documentation/document-library/extension-manuals/sr_feuser_register/2.6.1/view/1/5/#id2510141)
Actually adding the line:
tx_div2007_alpha::loadTcaAdditions_fh001(Array('sni_t3uploads'));
before t3lib_div::loadTCA(..) in function render_uploads() solves the
problem.

maybe something similar can be implemented in CSC :)

>
> What can you do?
> a) Use the hook in CSC ->render_uploads to do your thing
> b) xclass csc and modify override that part of the function
>
> Both ways kinda suck... sorry I couldn't help :(
>
> cheers
> Mathias
>
thank you really much for your effort, you helped because we know now
whats going wrong and we can fix it. For now i will tell the editors to
use the "path" field if they want that the files are really protected.
But it's a pity because it is IMO not possible to secure "File List" in
a sufficient way. Would be great if in further Typo3 Version it is
possible to secure the "media" field --> extend tt_content and use own
field ...

regards,
Georg