Repeater: Images not shown for Non-Superusers on unpublished pages

[doolak]

I already posted this issue to GitHub, but i am not sure if i made everything right over there (i closed the issue accidentally and reopened it) - so i decided to post it here, too:

When i log in as a non-superuser and add an image to a repeater, it is loaded up but the image is not shown in the administration if the page is unpublished.

If I publish it, the image is shown correctly - everything is fine. This just happens for an image field which belongs to a repeater.

I tried to find out why this happens and it seems to have something to do with the minus-sign in front of the files folder which is used for unpublished pages.

When logged in as superuser the image link is the same like for a non-superuser - the files folder is shown in the path without that minus-sign:

/site/assets/files/1264/slide1.jpg 

But although the folder is named "-1264" the image is shown for superusers.

Edit: Forgot to mention that i am using the latest dev version of PW

[ryan]

Thanks for the report Doolak. I see the issue report at GitHub too. I think I know what the problem might be and will test here. 

[doolak]

Any news about this? Maybe you could give me a hint where the problem is located and i could try to fix it. I have to give a costumer access to the site and don't want to to this before the problem is fixed ;-)

[ryan]

I haven't had a chance to fix this one yet, but if you need a temporary fix edit your /site/config.php and locate the $config->pagefileSecure line and change it to false:

$config->pagefileSecure = false;

Look in your /site/assets/files/ dir. If you have any directories with a preceding "-", then rename them not to have the "-" in it. 

[doolak]

Thanks for your help, Ryan!

Yes, as i mentioned above, i recognized the directories with the preceding "-". So the temporary fix above will prevent new directories have that prefix, right?

Edit: Ah, i see - it's described in the config.php:

/**
 * Set to true if you want files on non-public or unpublished pages to be protected from direct URL access. 
 *
 * When used, such files will be delivered at a URL that is protected from public access. 
 * See also: fileContentTypes in /wire/config.php, which you may copy/paste into this file and modify 
 * if you want to.
 *
 */
$config->pagefileSecure = true; 

/**
 * pagefileSecurePathPrefix: One or more characters prefixed to the pathname of protected file dirs.
 *
 * This should be some prefix that the .htaccess file knows to block requests for. As of version 2.3
 * ProcessWire's htaccess file blocks files directories starting with a "-", so the default value 
 * below is recommended here. 
 *
 */#
$config->pagefileSecurePathPrefix = '-';

 

Great, that will work for the moment! (I don't want to give the costumer superuser access - but it wouldn't be nice to deliver the site with that "little problem" that he can't see the images when having them uploaded and the page is unpublished... ;-)