[SOLVED] $config->pagefileSecure has no affect on trashed pages

[gebeer]

Hello,

on PW v3.0.229 when setting $config->pagefileSecure, files (PDF inmy case) are still offered for download, even if the pages for those files reside in the trash.

Can anyone confirm that behaviour?

IMO assets of trashed pages should not be publicly available and $config->pagefileSecure should take care of that like it does for unpublished pages.

Many editors without superuser priviliges aren't even aware of pages in the trash, unless we allow them to see the trash. So they would think that a trashed page is gone for good. In my case I now made the trash visible to those editors. But I also needed to instruct them to unpublish pages before moving them to the trash or delete them from the trash in order to make the files not appear publicly anymore 

[netcarver]

Maybe open an issue in the issue tracker if not yet done?

[gebeer]

20 hours ago, netcarver said:

Maybe open an issue in the issue tracker if not yet done?

Issue submitted: https://github.com/processwire/processwire-issues/issues/1911

[gebeer]

Problem solved. Ryan mentioned in the issue report that only files are protected that are uploaded after the $config->pagefileSecure setting is in place.

I was not aware of that and I couldn't find that requirement documented anywhere when doing a search prior to posting this issue. Done a search again which pulled up this forum thread   

I suggest to add that information to the entry for `$config->pagefileSecure` at  https://processwire.com/api/ref/config/