Jump to content

hintraeger

Members
  • Posts

    22
  • Joined

  • Last visited

Posts posted by hintraeger

  1. 11 hours ago, dynweb said:

    Have you checked that there are no files prepended/appended when rendering the template? Maybe disable Tracy debugger?

    I have no files prepended/appended and tracy debuger is also disabled. But I know the problem now. The downloaded file is only unreadable on my older Mac by Acrobat, Preview and Safari. In Brave it is and on newer operating system versions there is also no problem. The pdf must have been altered somehow so that it is no longer compatible with older pdf readers. A bit strange. 

    But it would be nice if processwire had a solution here on how to prevent the download of files directly via an url link. Maybe there is already such a solution and I just don't know it. I think there was a solution in drupal. There you could decide whether the files should be stored in a directory outside the web directory and thus be protected from direct access. Unfortunately I don't know how the download was solved via a template. It would be great if there was a solution in the future. Many thanks for your answers.

  2. 40 minutes ago, cwsoft said:

    The line with the readfile command has three dots at the end which seems strange to me and then adds whatever is your $download variable. Have you checked that path e.g. via outputin template and checked if file is readable?

    ... is just a placeholder, I have removed the correct path. The file with the correct file size is downloaded, but it is broken. But if I download the same file outside of processwire in the same way, then the file is OK.

  3. I would like to protect files (pdf) that are located in the site/assets/files folder from being downloaded directly via the url that leads to this file. However, when a page containing the file field is called up, it must be possible to make this file available for download.
    Is there a solution for this in processwire. The access should be controlled depending on the role of the current user and another parameter.

    I tried it like this:

    I have protected the folder site/assets/files with .htaccess file:

    <FilesMatch "\.(pdf)$">
      <IfModule mod_authz_core.c>
        Require all denied
      </IfModule>
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
      </IfModule>
    </FilesMatch>
     

    Then created a template that makes the file path available for download as follows:

    <?php    if( $ok ) {
            header("Content-type:application/pdf");
            header("Content-Disposition:attachment;filename=$downloadname" );
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
            header("Pragma: public");
            readfile("/var/www/...".$download);
        }

    This works perfectly in a test php file, but when integrated via a template file in processwire it does not work.

    My guess is that a header is delivered by processwire, a different content-type or something like that.

    In the template I have tried contentType application/pdf and empty, neither works.

×
×
  • Create New...