I found out that a bug for CKEditor module also affects WYSIWYG module: https://drupal.org/node/1259510.

To solve it, they have added a new option to control files and a hook. Maybe similar approach could be done in WYSIWYG module.

While it is not fixed, I've done this workaround: I created an image field with unlimited entries for my content type. With this field I can upload images to public file directory. Then, from CKEditor, I insert them to the text area from Media library.

Comments

TwoD’s picture

TwoD
Primary language Swedish
Location Sweden
CreditAttribution: TwoD commented

Wysiwyg module does not handle file uploads or downloads and has no control over other modules/libraries that do. I fail to see how that issue could exist in this module, especially since we do not support CKFinder out of the box.

nerdoc’s picture

nerdoc CreditAttribution: nerdoc commented
Issue summary: View changes

I can confirm this. Pictures are uploaded into the private directory, and can't be accessed then from the anonymouse user. For IMCE there is a plugin module available, and CKEditor, as stated, *seems* to have fixed it (see OP).

TwoD’s picture

TwoD
Primary language Swedish
Location Sweden
CreditAttribution: TwoD at Websystem for ComplianceOnline Ltd commented
Status: Active » Postponed (maintainer needs more info)

Confirm it how? And confirm what exactly? The OP failed to explain what the actual issue is. The behavior explained in the referenced issue is by design. It is also not relevant to Wysiwyg module since we do not enable or support file mechanisms bundled with the editors, also by design.

If you remove the .htaccess file in the private files folder to "fix" something, you are creating a massive security hole.
Files uploaded to the private folder should not be accessible to anonymous users, that is its whole purpose.