Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2011-03-24 19:28:49

net-carver
Member
From: UK
Registered: 2006-03-08
Posts: 1,648

TXP 4.4?

Looks interesting.


Steve
Textile | My plugins on GitHub | @netcarver

Offline

#2 2011-03-25 16:34:33

johnstephens
Plugin Author
From: Woodbridge, VA
Registered: 2008-06-01
Posts: 983
Website

Re: TXP 4.4?

I’ve been watching this with interest too!

Can someone explain this to me?

Hotlink protection for files: Downloads from a web-accessible "/files" directory are inhibited. The "/file_download/$id/example.foo" route is the only valid way to access downloadable files.

If I’m reading this right, attempting to download something from /files/filename.ext will throw an error, but what about the current behavior of the /file_download/$id/ path— will it continue to return the correct file even when the wrong filename is entered after $id/, or will it inhibit downloads that use wacko URLs?

One site owner contacted me last month citing an exorbitant ammount of downloads for a certain file. He was especially confused because the server logs showed downloads using hundreds of different URLs using different variations of the filename in the URL, but Textpattern was correctly returning the file based on the ID and correctly incrementing the download count accordingly. Would this change affect that behavior at all?

Offline

#3 2011-03-25 16:59:24

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,169
Website

Re: TXP 4.4?

johnstephens wrote:

If I’m reading this right, attempting to download something from /files/filename.ext will throw an error…

hope not. I’m currently using that for swfs and all other embedable non image media formats. Unless… will there be another folder for that content?


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Offline

#4 2011-03-25 17:05:16

wet
Developer
From: Lenzing, Austria
Registered: 2005-06-06
Posts: 3,267
Website

Re: TXP 4.4?

This behaviour is controlled by an additional .htaccess file in /files.

If you do not want the additional protection and reliable download counts, you can revert to the previous behaviour by simply amending the instructions in there (or remove /files/.htaccess at all).

Offline

#5 2011-03-25 17:06:47

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,169
Website

Re: TXP 4.4?

wet wrote:

This behaviour is controlled by an additional .htaccess file in /files.

If you do not want the additional protection and reliable download counts, you can revert to the previous behaviour by simply amending the instructions in there (or removing /files/.htaccess at all).

cool:) I was getting worried there:)


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Offline

#6 2011-03-25 18:01:05

maniqui
Moderator
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: TXP 4.4?

If I understand correctly, anyone upgrading to 4.4 will get this change by default, and you know where this leads: “my downloads doesn’t work anymore”.
I think many users uses direct file downloads (ie. they point their links directly to /files/filename.ext), and this hotlinking trick will break all this links. But please, correct me if I’m wrong or if I’m missing something obvious.

Personally, I’d make this change an opt-in change, by just commenting out the line/s in .htaccess, or by naming the file as .htaccess.sample. Some comments about what it does (particularly, the second RedirectMatch line) would be welcome by everyone, but especially by newbies or people not following this thread, too.


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#7 2011-03-25 20:27:08

Gocom
Plugin Author
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,528
Website

Re: TXP 4.4?

I agree with Julián. And no Julián, you didn’t misunderstood anything.

I would too either comment out the lines or suffix the .htaccess file with .dist or .sample. Where I see it, 4.x.x updates shouldn’t needlessly break existing behavior (which we have used as a feature). Updates should be robust and easy. That is one of the great aspects of TXP; updating is awesome, fast and easy. No interaction required.

Also I’m slightly wondering about the .htaccess file. Those that want to protect their files from hotlinking should probably just move files directory outside the public web root, and instead of offering .htaccess file, TXP could offer documentation on how to do that. For example by updating the related preference’s pop-help article.

Personally, I have almost always linked directly to the files. The interface has always been used for uploading, but not really for counting as it doesn’t offer stats and graphs. I’ve used direct linking basically for saving server resources. Counts can be checked from server logs and client-side click tracking helps to filter out bots.

Last edited by Gocom (2011-03-25 20:28:04)

Offline

#8 2011-03-25 20:59:42

net-carver
Member
From: UK
Registered: 2006-03-08
Posts: 1,648

Re: TXP 4.4?

Everyone seems to be looking at r3484 — which is, indeed, an interesting change — but not the one I was originally looking at. Perhaps I just missed that 4.4 was going to be the next release, which was my only motivation for starting the thread.


Steve
Textile | My plugins on GitHub | @netcarver

Offline

#9 2011-03-25 21:27:07

Els
Admin
From: The Netherlands
Registered: 2004-06-06
Posts: 7,458

Re: TXP 4.4?

maniqui wrote:

anyone upgrading to 4.4 will get this change by default,

Do you replace your ‘files’ directory when upgrading? ;)

Offline

#10 2011-03-25 21:27:37

the_ghost
Plugin Author
From: Minsk, The Republic of Belarus
Registered: 2007-07-26
Posts: 907
Website

Re: TXP 4.4?

I thought next release will have number “5”.


Providing help in hacking ATM! Come to courses and don’t forget to bring us notebook and hammer! What for notebook? What a kind of hacker you are without notebok?

Offline

Board footer

Powered by FluxBB