Leaderboard

Are you also hosting with lautre.net ? Looks to me like they have disabled chmod() in php.ini

Dear all, congrats to the redesigned website. Was a big surprise today and first thought, hey what happened to my browser bookmarks, it‘s not PW. But that shock only took a second then I realized it‘s my CMS of choice, just with a new fresh layout. Great work from my point of view. Just browse and read the new content now. Love it.

Guess one part of the story is that pagefileSecure relies on .htaccess available on Apache servers. So it won‘t work on NGINX powered servers unless you port the htaccess over to NGINX equivalent - if possible at all. As htaccess can inherit rules from parent folders and can be disabled from your ISP, it is good practice to test htaccess access restrictions before it goes live.

Searching the ProcessWire files for the phrase, "Prevent direct access to file assets owned by" led me to ProcessTemplate.module in wire/modules/Process/ProcessTemplate. From there, this is the relevant code: /** * Build the "pagefileSecure" field for the "access" tab * * @param Template $template * @return InputfieldRadios * */ protected function buildEditFormAccessFiles(Template $template) { /** @var InputfieldRadios $f */ $f = $this->wire()->modules->get('InputfieldRadios'); $f->attr('id+name', 'pagefileSecure'); $f->label = $this->_('Prevent direct access to file assets owned by pages using this template?'); $f->icon = 'download'; $f->description = $this->_('When direct access to a file in [u]/site/assets/files/[/u] is blocked, ProcessWire can manage delivery of the file, rather than Apache.') . ' ' . $this->_('This enables the file to be access controlled in the same manner as the page that owns it, while still using the original file URL.') . ' ' . $this->_('Note that it takes more overhead to deliver a file this way, so only choose the “Yes always” option if you need it.'); $f->notes = $this->_('Always test that the access control is working how you expect by attempting to access the protected file(s) in your browser.') . ' ' . $this->_('Do this for when you expect to have access (logged-in) and when you do not (logged-out).'); $f->addOption(0, $this->_('No') . ' ' . '[span.detail] ' . $this->_('(uses site-wide configuration instead)') . ' [/span]'); $f->addOption(1, $this->_('Yes when page is unpublished, in the trash, or not publicly accessible')); $f->addOption(2, $this->_('Yes always, regardless of page status or access control')); $f->val((int) $template->pagefileSecure); if(!$template->pagefileSecure) $f->collapsed = Inputfield::collapsedYes; return $f; } Considering the attribute name is pagefileSecure, I would think it'd be safe to assume that, yes, that enabled pagefileSecure for those templates within your site. I don't use pagefileSecure myself, so I don't know if there's an adjustment that could be made to the htaccess so that secure pagefiles can work as expected, while insecure can still not be rendered by ProcessWire. There might be some results of people working with that in these forums. (I'd normally look, but unless I revisit this later, my break time is up!)

Hi all! Just wanted to say hi and comment that I truly love the new website, it looks and feels great, both mobile and on desktop. It also has its own unique look instead of general day-to-day trends we so often see. Great work @diogo @jploch and @ryan! While we don't use ProcessWire at my current job, I still maintain few PW sites and I love the experience. Miss the community a lot, stay health and happy everyone!