Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I found out that a bug for CKEditor module also affects WYSIWYG module: https://drupal.org/node/1259510.
To solve it, they have added a new option to control files and a hook. Maybe similar approach could be done in WYSIWYG module.
While it is not fixed, I've done this workaround: I created an image field with unlimited entries for my content type. With this field I can upload images to public file directory. Then, from CKEditor, I insert them to the text area from Media library.
Comments
Comment #1
TwoDWysiwyg module does not handle file uploads or downloads and has no control over other modules/libraries that do. I fail to see how that issue could exist in this module, especially since we do not support CKFinder out of the box.
Comment #2
nerdoc CreditAttribution: nerdoc commentedI can confirm this. Pictures are uploaded into the private directory, and can't be accessed then from the anonymouse user. For IMCE there is a plugin module available, and CKEditor, as stated, *seems* to have fixed it (see OP).
Comment #3
TwoDConfirm it how? And confirm what exactly? The OP failed to explain what the actual issue is. The behavior explained in the referenced issue is by design. It is also not relevant to Wysiwyg module since we do not enable or support file mechanisms bundled with the editors, also by design.
If you remove the .htaccess file in the private files folder to "fix" something, you are creating a massive security hole.
Files uploaded to the private folder should not be accessible to anonymous users, that is its whole purpose.