If you enable CKEditor (with CKFinder) and do not set a private file folder, the images will be uploaded to the public files path, and be visible to all. But if you set an explicit private file folder (second input in admin/config/media/file-system), the files are uploaded to the private folder. Although this may be handy in some cases, in Drupal 7, a .htaccess in the private folder disables all access to it, basically removing all access to these files.

I can enable access to all private files by removing the .htaccess, but there are other files in the private directory that I don't want to share. I think that the CKEditor should either always place all files in the public path, or it should output the uploaded images to the users via a callback. And there should be options for what is available to which users, because why bother putting it in the private folder instead of the public folder otherwise?


knalstaaf’s picture

Status: Fixed » Active

Is there a way to fix the issue of CKfinder putting all files in the private folder? Is there a setting with which we can adjust the default upload folder to get it back in its original state?

Ow, resaving the settings page of the CKeditor profile (admin/config/content/ckeditor/edit/[Profile-name]) with the correct CKfinder settings solves the issue apparently. But before that you have to set the default path for private files back to default in the File Settings.

And that's not so good...

mkesicki’s picture

Status: Active » Fixed

The problem with saving the profile to fix CKEditor/CKFinder paths will be fixed soon. It should be OK in DEV versions.
Please check the latest DEV version.

bvanmeurs’s picture

Status: Active » Fixed

Very good!

Anonymous’s picture


Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Screenack’s picture

Version: 7.x-1.2 » 7.x-1.x-dev
Status: Closed (fixed) » Active

Nope. I'm using the dev branch, and I'm still seeing this issue. I've manually removed and reinstalled the ckeditor modules directory, cleared server caches. What exactly are "correct" CKfinder settings?

Added update: I'm overriding the private .htaccess for the flash subdirectory, with Allow from All until this is resolved. This keeps all my other private files as private.

ndmaque’s picture


I tried every possible option, with & without private files folder set, but no joy
I reset and followed the Drupal file directive http://drupal.org/documentation/modules/file
Public file system path = sites/default/files
Private file system path = sites/default/files/private

default settings...
CKFinder settings = %b%f/
Absolute path to uploaded files = %d%b%f/

configured as above I can upload/browse server but the files don't show (because they are private I guess)
in my case I don't care that the file always ends up in private folder regardless what i as long as it displays

the inline html it creates doesn't render (yay proves private files works!)
img alt="" src="/sites/default/files/private/images/test.jpg" style="width: 338px; height: 550px; "
is it just a simple permission i need to set somewhere?

when a file is uploaded using a field the Upload destination is set to private and produces this
img src="http://example.com/system/files/test.jpg" alt=""

@Kyle Skrinak pls tell me what you put in the .access file to restrict to certain folders as this will solve my issue for now
I guess it needs to just allow access on the 'images' and possibly the '_thumbs' folder
in our case all private files are uploaded using a field and have their own paths so it's just the CKfinder folders I have to allow

Screenack’s picture

ndmaque; the private/flash directory has its own .htaccess file, so scope is limited to that directory; I changed that line #2 to "Allow from all"

ndmaque’s picture

thanks @Kyle Skrinak

My final solution to force the uploader files into the public folder.
I removed the %b/%f/ tokens and coded the paths as below
* the tokens created a path with double slashes in when I had private files enabled, probably because my private files were well outside of the Drupal folders.


Path to uploaded files = /sites/default/files/
Absolute path to uploaded files = /var/www/mysite/sites/default/files/
*note the lead and trailing slashes

I set nothing in the ckfinder/plugin.php

// $baseUrl = '/ckfinder/userfiles/';
require_once '../../../../includes/filemanager.config.php';
$baseDir = resolveUrl($baseUrl);

you also need to set the base_url and cookie_domain in settings.php as usual
$base_url = 'http://'. $_SERVER['HTTP_HOST']; // NO trailing slash!
$cookie_domain = $_SERVER['HTTP_HOST'];

hope this helps someone

mkesicki’s picture

Status: Active » Fixed

I committed changes to GIT. Please test the latest DEV version. A new option was added to the global CKEditor profile which gives users more control over files. hook_download was added.
If you have more problems with this, please reopen this ticket.

mkesicki’s picture

Status: Fixed » Closed (fixed)
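
The callback approach requested in the original report, sketched as an added example (not part of the thread and not the CKEditor module's own code): a Drupal 7 hook_file_download() implementation that serves CKFinder uploads from private:// only to users holding a permission, instead of opening the directory with "Allow from all". The module name "ckprivate" and the permission name are hypothetical; the subdirectory names are the ones mentioned in the comments above.

```php
<?php
/**
 * Added example: hypothetical custom module "ckprivate" for Drupal 7.
 */

/**
 * Implements hook_permission().
 */
function ckprivate_permission() {
  return array(
    // Hypothetical permission name, assign it per role as needed.
    'view ckfinder private uploads' => array(
      'title' => t('View CKFinder uploads stored in the private file system'),
    ),
  );
}

/**
 * Implements hook_file_download().
 *
 * Drupal calls this for requests to system/files/<path>. Returning NULL
 * leaves the decision to other modules, -1 denies the download, and an
 * array of headers allows it.
 */
function ckprivate_file_download($uri) {
  if (file_uri_scheme($uri) !== 'private') {
    return NULL;
  }
  // Assumed layout: CKFinder writes below these subdirectories of private://.
  $ckfinder_dirs = array('images', 'flash', '_thumbs');
  $parts = explode('/', file_uri_target($uri));
  if (count($parts) < 2 || !in_array($parts[0], $ckfinder_dirs, TRUE)) {
    // Not a CKFinder upload: other private files keep their own rules.
    return NULL;
  }
  if (!user_access('view ckfinder private uploads')) {
    return -1;
  }
  return array(
    'Content-Type' => file_get_mimetype($uri),
    'Content-Length' => filesize($uri),
    'Cache-Control' => 'private',
  );
}
```

This only takes effect when the image markup points at the system/files/... URL, as in the field-upload example above, and the private folder's .htaccess stays in place so direct requests to the files remain blocked.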