
fal_securedownload's Introduction

FAL Secure Download

This TYPO3 extension (fal_securedownload) aims to be a general solution to secure your assets.

When your storage is marked as non-public all links to files from that storage are replaced (also for processed files).

Access to assets can be set per folder or per file by assigning fe_groups in the file module.

How to use

  1. Download and install fal_securedownload
  2. Un-check the 'public' checkbox in your file storage
  3. Add a .htaccess file with "Require all denied" in your file storage root folder or move your storage outside your webroot
  4. Go to the file list and add access restrictions on file/folder

Features

  • Restrict FE access on folder level
  • Restrict FE access on file level
  • Let editor set permissions in file list
  • Force download for all files (for protected file storages)
  • Force download for specific file extensions (for protected file storages)
  • Keep track of requested downloads (count downloads per user and file)

Requirements

  • TYPO3 11 LTS or TYPO3 12 LTS

Suggestions

  • EXT:ke_search v4.3.1
  • EXT:solrfal v4.1.0

fal_securedownload's People

Contributors

andreas-tritum, beckerr-rzht, cvisys, darthnorman, dertimon, dhuf, echavaillaz, famouswolf, frans-beech-it, fsaris, greitz-beech, haraldwitt, joey-bolts, leoniephiline, liayn, madaxel, marclindemann, mschwemer, neoblack, pim-beech, ruudsilvrants, sdelcroix, sgrossberndt, stefanisak, support-beech, sypets, tobenschmidt, tomladud, tritumflinke, vertexvaar


fal_securedownload's Issues

Wrong file size after ftp upload

Using fal_securedownload v1.2.3 with typo3 7.6.18.
After uploading via FTP, some files have the wrong size.
This causes images to not be displayed completely, and they cannot be fully downloaded.
Emptying all caches does not improve this.

solrfal public_url not working

Hello

I've configured tx_solr with
plugin.tx_solr.index.queue._FILES.default.filePublicUrl = public_url
plugin.tx_solr.index.queue._FILES.default.url = public_url
but the URLs are generated wrong:
/typo3/index.php?ajaxID=FalSecuredownload%3A%3ApublicUrl&eID=dumpFile&t=f&f=6622&token=61756eccb7
I'm using commit 435efaa (latest) of fal_securedownload


Is it a bug or am I doing something wrong?

thanks

Different file dumping on different mime types?

Hello,
I've got an unexpected behaviour:

Inside my default file storage (fileadmin/) I've uploaded an image and a PDF document. Both are restricted to a previously generated FE-Group named "intern". The storage is set as non-public and secured by .htaccess (Require all denied).

Now when adding a text & media element to a site and linking the image and PDF document as media, both are not accessible as long as the visitor is not a member of group "intern". 👍
When linking the image and PDF document as a text link via RTE, only the access to the image is denied. 👎

Thanks 4 reply!

Greetings
FireLizard

PHP warnings in PHP7

I'm getting the following PHP warnings:

PHP Warning: Declaration of BeechIt\\FalSecuredownload\\ViewHelpers\\Security\\AssetAccessViewHelper::render(TYPO3\\CMS\\Core\\Resource\\Folder $folder, TYPO3\\CMS\\Core\\Resource\\File $file = NULL) should be compatible with TYPO3\\CMS\\Fluid\\Core\\ViewHelper\\AbstractConditionViewHelper::render()

PHP Warning: Declaration of BeechIt\\FalSecuredownload\\ViewHelpers\\LeaveStateViewHelper::render(TYPO3\\CMS\\Core\\Resource\\Folder $folder) should be compatible with TYPO3\\CMS\\Fluid\\Core\\ViewHelper\\AbstractConditionViewHelper::render()

PHP Warning: Declaration of BeechIt\\FalSecuredownload\\ViewHelpers\\DownloadLinkViewHelper::render(TYPO3\\CMS\\Core\\Resource\\FileInterface $file, $uriOnly = false) should be compatible with TYPO3\\CMS\\Fluid\\ViewHelpers\\Link\\ExternalViewHelper::render($uri, $defaultScheme = 'http')

Secure downloads without plugin

Hi

This is just a question: Is it possible to provide secure download link without the provided plugin? I have some file list (CType uploads) with file references, is it possible to create secure downloadlinks just with fluid?

Kind regards, oliver

MS Office download ask for login

Maybe it's server related but it looks like the files are not sent using some kind of "ForceType application/octet-stream" or "Header set Content-Disposition attachment" and it makes Word and Excel files ask for login/password in an intranet environment.

I tried adding this in .htaccess without success for an Excel file:
<FilesMatch ".(?i:xlsx)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>

Maybe adding this (http://php.net/manual/fa/function.http-send-content-disposition.php) would make FAL SecureDownload work but sadly it's from a PECL module.

If our files are under /fileadmin/ everything works as expected.

protected files not shown in backend

I wrote a patch which shows protected files in the backend, but if a backend user is logged in, the files are shown in the frontend too, regardless of what is configured to be visible to frontend groups and what is not (as long as the BE user session is available at the same time as the FE user session).

Is that the behaviour we want?

Do I need this?

Hi - I was wondering if I should switch from naw_securedownload to fal_securedownload.

That's my regular use case:

  • Frontend users can log in, see (else hidden) links to additional files and download them freely.
  • Without a FE login, the provided link to the file should not work.

Is fal_securedownload the right tool? Or can I even achieve that with FAL without an extra extension?

Adding Frontend File Manager features

This extension already implements the Features of a Frontend File Manager half the way, so it could probably be extended with Features as

  • Upload files as a Frontend user
  • Upload and extract ZIP files as a Frontend user
  • Select and Download multiple files as ZIP
  • view and edit File Name and Description in the Frontend
  • Delete Files/Folders as a Frontend user
  • (move files as a Frontend user)

I hope this functionality is even desired. As for myself I would highly appreciate this development.

Best regards
Philipp

CheckPermission overwrites variable

In BeechIt\FalSecuredownload\Security\CheckPermissions.php, line 117, the $folder variable seems to be overwritten:
foreach ($this->getFolderRootLine($folder) as $folder) {
    // fetch folder permissions record
    $folderRecord = $this->utilityService->getFolderRecord($folder);
I'm not quite sure if it has any bad impact here, because it is not used afterwards, but if not needed I would recommend changing the variable name here.

Make output of FAL-{file.title} possible in fluid template

Hello everybody,

nice extension. Saves me a lot of time in my current project.
But I miss the possibility to display the file-title (if one is set in FAL) in the sd:downloadLink-Viewhelper (Leaf.html)

When I dump {file} with f:debug, I see, that the title is stored "mediaDataproperties" - but I can not access it like this:

<li><span class="icon-file icon-file-{file.extension}"></span><sd:downloadLink file="{file}">{file.title}</sd:downloadLink></li>

I also tried {file.metaDataProperties.title} but it seems to be protected or something (?).

My customer uploads his files with really ugly filenames and I give them all nice titles. It would be super nice if you could implement this little feature.

Thank you.

Export of TYPO3 pages to t3d throws exception

Easy to reproduce in TYPO3 7.6:
Just click on a page with right mouse key and choose branch-actions/Export to t3d:

`Oops, an error occurred!

PHP Catchable Fatal Error: Argument 3 passed to BeechIt\FalSecuredownload\Aspects\PublicUrlAspect::generatePublicUrl() must be an instance of TYPO3\CMS\Core\Resource\FileInterface, instance of TYPO3\CMS\Core\Resource\Folder given in /xxx/releases/current/Web/typo3conf/ext/fal_securedownload/Classes/Aspects/PublicUrlAspect.php line 79`

Used version of fal_securedownload: 1.0.2

Fatal error: Class not found in Frontend

The FE-Plugin throws a Fatal Error with TYPO3 v 6.2.4 (haven't tried any other version):
Fatal error: Class 'BeechIt\MediaLibrary\Resource\ResourceFactory' not found in <...>/typo3conf/ext/fal_securedownload/Classes/Controller/FileTreeController.php on line 38

I cannot find this class anywhere. It seems to come from an Extension named "MediaLibrary". Where can I find this? It should be set as dependency I guess...

Safari: can not open protected files

Hi Frans Saris

First, thanks for your work.

I found a strange behavior in Safari:
Safari (on iPad iOS 9.3 and OS X 10.11.4) cannot open files (for example .mp3) protected with fal_securedownload that are only available for fe_users. If the folder has no limitation (but is also not public) all is working fine.
The problem occurs with Safari (and IE 11 / Edge).
Chrome, Firefox, Opera are working.

I've created a small test page: http://test76.laupercomputing.ch/fal-securedownload/
Using: Typo3 7.6.6 (same behavior with Typo3 6.2.21), fal_securedownload 1.0.2
It's two times the same mp3-File.

The header data for both requests are looking equal...
Do you have any idea?

Best regards, michael

new feature (simple) get file description

Hi
I'm not an expert, but I tried to modify the template, and I supposed that to add the content of the sys_file description, I should use the 'description' field.

Unfortunately there is no (apparent) way to do it. When adding the variable {description} or {file.description}, no output is given.

I modified the template file:

typo3conf/ext/fal_securedownload/Resources/Private/Partials/FileTree/Leaf.html

adding i.e. {file.description} or {description} variable

without success.

Where am I wrong? I believe the best way to give info to downloaders is to print out

name, size, description

so the downloader knows what file to select.

thank you much for your help

php warning when creating new feuser

With latest version of fal_securedownload (1.2.0) and basic.track_downloads=1 you get a php warning when you add a new feuser:
PHP Warning: Invalid argument supplied for foreach() in typo3conf/ext/fal_securedownload/Classes/FormEngine/DownloadStatistics.php line 63

I think there has to be a check whether this is a new or an existing user, i.e. in row 48:
if (substr($row['uid'], 0, 3) != 'NEW')

Security: ke_search indexer hook

There seems to be a problem with the ke_search indexer hook: Working with cascading fe_user groups, the permission check fails in modifyFileIndexEntryFromContentIndexer() and removes all groups, when the page or the content element is restricted to another usergroup than the storage is. As a result, the secure files are listed in the search result.

Code:
Line 81:
if ($feGroups) {
    $feGroups = implode(
        ',',
        GeneralUtility::keepItemsInArray(explode(',', $resourcePermissions), $feGroups)
    );
} else {
    $feGroups = $resourcePermissions;
}
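
The failure described in this issue, reduced to plain PHP as an added example (not code from fal_securedownload or ke_search): two disjoint group lists intersect to an empty string, shown beside a fail-closed variant. Assumptions: an empty group list on an index entry means "no restriction", `array_intersect()` stands in for `GeneralUtility::keepItemsInArray()`, and `DENY_ALL`, `parseGroups()`, `mergeAsQuoted()` and `mergeFailClosed()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from fal_securedownload or ke_search.
// Group lists are comma-separated fe_group uids, as in the quoted snippet.
// Assumption: an empty list on an index entry means "no restriction".

const DENY_ALL = '-99999'; // hypothetical sentinel uid that matches no fe_group

/** Split a comma-separated uid list, dropping empty items. */
function parseGroups(string $list): array
{
    return array_values(array_filter(
        array_map('trim', explode(',', $list)),
        static fn (string $g): bool => $g !== ''
    ));
}

/** Logic of the quoted line 81; array_intersect() stands in for keepItemsInArray(). */
function mergeAsQuoted(string $feGroups, string $resourcePermissions): string
{
    if ($feGroups) {
        return implode(',', array_intersect(
            explode(',', $resourcePermissions),
            explode(',', $feGroups)
        ));
    }
    return $resourcePermissions;
}

/** Fail-closed variant: two restrictions with no common group never become "". */
function mergeFailClosed(string $feGroups, string $resourcePermissions): string
{
    $content  = parseGroups($feGroups);
    $resource = parseGroups($resourcePermissions);
    if ($content === []) {
        return implode(',', $resource);   // only the file/folder restricts
    }
    if ($resource === []) {
        return implode(',', $content);    // only the page/content element restricts
    }
    $common = array_intersect($resource, $content);
    return $common === [] ? DENY_ALL : implode(',', $common);
}

// Constructed cases: [groups on page/content element, groups on file/folder]
$cases = [
    'disjoint restrictions' => ['2', '1'],
    'overlapping'           => ['1,2', '2,3'],
    'only file restricted'  => ['', '1'],
];
foreach ($cases as $label => [$feGroups, $resourcePermissions]) {
    printf(
        "%-22s quoted=%-4s fail-closed=%s\n",
        $label,
        var_export(mergeAsQuoted($feGroups, $resourcePermissions), true),
        mergeFailClosed($feGroups, $resourcePermissions)
    );
}
```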

Error Adding Files to content

An "error 200" popup appears when any user tries to add an image from a "Fal secured" directory/File Storage
and the image/media file does not get attached to the content element.
Typo3 7.6.18/ Fal_securedownload 1.2.2

Leaf.html and fluid

typo3conf/ext/fal_securedownload/Resources/Private/Partials/FileTree/Leaf.html
Line 6
<span class="icon-folder {sd:leaveState(folder:'{subFolder}', then:'icon-folder-open')}"
seems to be wrong.
<span class="icon-folder {sd:leaveState(folder:{subFolder}, then:'icon-folder-open')}"
would be better, because the ' will cause Fluid to think of subFolder as a string (use htmlspecialchar(subFolder))

Problems when overriding files

When I override files via the TYPO3 File Manager, the extension works as it should.
When I override files via FTP or locally on the file system, the extension (I think) does not work correctly. The file cannot be downloaded and, for example in Chrome, the error message at the bottom will be displayed. On other browsers only a grey background is displayed.

Error Message: PDF cannot be displayed.

Permissions for shared folders of directory

We got three storage folders configured to a BE user group "Redaktoren". If a BE user logs in and would like to add a file tree to be displayed in the FE, currently there are NO restrictions on the storage folders which he gets granted. He always sees every folder to choose. It should be NOT.

Can you fix this?

Thanks.

Regards,
Angelo


PHP Version 5.3.10 not working

Installing the extension in TYPO3 6.2 breaks TYPO3 backend and Frontend.

errorlog shows
PHP Parse error: syntax error, unexpected T_CLASS, expecting T_STRING or T_VARIABLE or '$' in /var/www/typo3conf/ext/fal_securedownload/ext_tables.php on line 29

Which leads to http://php.net/manual/en/migration55.new-features.php#migration55.new-features.class-name

So the ::class syntax is not working before PHP version 5.5
Since TYPO3 6.2 allows PHP >5.3.7 there is a conflict.

Please provide a patch or update the dependencies in the extension.

Can't add files or folder

Hi
With TYPO3 7.6.4 and last fal_securedownload version, I can't add files or folder in the Fal secure download folder. Pictos are unavailable.

Any help is welcome !

Thanks

Default value for fe_groups

In HEAD of typo3 the default value for fe_groups in sys_file_metadata is changed, this means that:

protected static function evaluateCondition($arguments = null)
...
if ($feGroups !== '') {
...

fails since the default value will be NULL

using
if (!empty($feGroups)) {

seems to fix the problem.

Make FileDumpHook::feUser public

The signal in the FileDumpHook is most likely used to do something like logging. For logging, the authenticated Frontend User may be required. Since we are in eID context, this is not present by default in GLOBALS['TSFE']. By making FileDumpHook::feUser public, it would be accessible from within the slot.

Cannot choose folder in filetree plugin

I am using latest version of fal_securedownload (1.2.3) on Typo3 7.6.18. After adding Filetree-Plugin to page content and choosing storage, there is only one element in folder dropdown named -First select a storage- :-(

Not able to render a download link from the "File List" module in backend without exposing in the frontend

For some documents you want to have the download link in the "File List" module, without exposing the document at the frontend. An example could be a link to a document only used by a newsletter. Would be great if there is a button for the Public Url in the "File List" module.

Currently we need to add a link to the document in the frontend, copy the url, and delete the link again to get the public url.

Compatibility with TYPO3 7.3 and up

In TYPO3/typo3@1beb07f a change was introduced, making Condition ViewHelpers fully static compilable. As far as I can tell, the AssetAccessViewHelper's render method is now only executed once in an empty cache situation. After that, the renderStatic method (from the AbstractConditionViewHelper) is executed. In it, the static method evaluateCondition is then used to determine whether to render the then or the else child.

evaluateCondition checks for the condition argument, which is not present when using the AssetAccessViewHelper, causing the else child to render in a cached situation.

Reproducible with this code in the FileTree/Tree.html template:

<sd:security.assetAccess folder="{folder}">
  <f:then>This is rendered the first time</f:then>
  <f:else>This is rendered the second time and beyond</f:else>
</sd:security.assetAccess>

Folder permission Icon missing in 6.2

Since I updated to version 1.0.1 the folder permission icon in the Filelist-Module in our 6.2 installation is missing and instead shows the red-questionmark-icon. Still the same in 1.0.2.

BeforeFileDump Slot is fired twice in some Browsers

I am trying to write a download statistic, but the needed Slot (BeforeFileDump) is sometimes double fired, although the browser only sets one http request to get the data.

Example Browser for this:
Firefox current version

Typo3 Version:
6.2

missing ext_conf_template.txt

the classes use configuration from EXTCONF, e.g.
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fal_securedownload']['login_redirect_url']
but there's no ext_conf_template.txt and no possibility to change any settings via extension manager

show FeUser-Permissions in the filelistmodule

It would be nice if we could see the chosen FeGroups in the Filelist module, like Type, Last Modified, Size etc.
The screen for this is in this function: generateList() in the file Filelist.php in the filelist extension.
Maybe it's possible to make a hook for this?

support for solr indexing

Hello,

We have been using Solrfal to index documents in the TYPO3 backend and it works great. We want to secure documents to specific users. So that logged in users can find secured documents in a search, but access to the documents can not be provided to others. To this end, we have implemented extension fal_securedownload.

At first we noticed that the URL which is displayed in the search results for a logged in user was not correct. In looking at the index generated, there is no Content or Teaser text for documents which reside in the secured folder. At the end of this note are snippets out of the index for a secured and an unsecured document.

The following are the URLs as seen in the front end. In both cases the user is logged in.
File as link on page (link works):
http://adventist.sdh/index.php?eID=dumpFile&t=f&f=4617&token=be33c54cdaf81179c1836b7c7adeb573c7eb478b

File as a result in a search (link fails):
http://adventist.sdh/ajax.php?ajaxID=FalSecuredownload%3A%3ApublicUrl&ajaxToken=5a748396b733eb309fcb1098a2333805ec9e7c33&eID=dumpFile&t=f&f=4617&token=db225b270cb721372a7e12a0bd982e465c201c9a

Thank you

Robert

SECURED DOC
"title": "applepie.docx",
"fileStorage": 2,
"fileUid": 4617,
"fileMimeType": "application/msword",
"fileName": "applepie.docx",
"fileSha1": "7fba41271d11029b761348fa1b57c7c613e44233",
"filePublicUrl": "ajax.php?ajaxID=FalSecuredownload%3A%3ApublicUrl&ajaxToken=e362724a2859d223a79cc61fc0708c50ac0ceca1&eID=dumpFile&t=f&f=4617&token=db225b270cb721372a7e12a0bd982e465c201c9a",
"url": "ajax.php?ajaxID=FalSecuredownload%3A%3ApublicUrl&ajaxToken=e362724a2859d223a79cc61fc0708c50ac0ceca1&eID=dumpFile&t=f&f=4617&token=db225b270cb721372a7e12a0bd982e465c201c9a",
"access": "205:1/c:1",
"id": "dd2e9ea387b818ee15525a986b5d693e1ac79502/tx_solr_file/4617/e29e14932cab011e34ceeadf30655ea8",
"site": "adventist.sdh",
"type": "tx_solr_file",
"content": "",
"teaser": "",
"description": "",

UNSECURED DOC
"title": "english.docx",
"fileStorage": 1,
"fileUid": 4494,
"fileMimeType": "application/msword",
"fileName": "english.docx",
"filePublicUrl": "fileadmin/adventist.org/files/content/english.docx",
"url": "fileadmin/adventist.org/files/content/english.docx",
"access": "c:0",
"id": "dd2e9ea387b818ee15525a986b5d693e1ac79502/tx_solr_file/4494/13efcd41224105fb62ecaf674c14cd54",
"site": "adventist.sdh",
"type": "tx_solr_file",
"content": "The...[content abbreviated]",
"teaser": "The...[content abbreviated]",
"description": "",

Remove use of deprecated function call

The function TYPO3\CMS\Backend\ClickMenu\ClickMenu::excludeIcon is tagged as deprecated and is removed in version 8

This is called in BeechIt\FalSecuredownload\Hooks\ClickMenuOptions line 84

Bug with RTE (TYPO3 6.2)

Hello,

When I add an image in the RTE with the 'image' button, it does not appear: there is an error because a PHP file is called and this is not an image element. Is this a bug or a configuration problem?

Add option to always force download

In the case of MS-Office files it is possible Excel or Word ask for User/Password when reached thru IE11. If you add &download=1 to Fal Secure Download (FSD) generated links IE11 will not try to let Excel open it and generate dialog box so it would be great to have one of those 2 options :

  1. In EM for the extension, get a boolean like :
    Always force download = 0/1
  2. In EM have a field to enter file extensions to force download.
    Force download for these file extensions = xls,xlsx,doc,docx
