This happens when I upload a single file through media browser via WYSIWYG. This occurs with a brand new, clean drupal install, where media browsers' upload destination is configured as any directory that does not exist yet, such as with tokens (see "File directory for uploaded media at admin/config/media/browser") If the destination is private, the directory does not get created, and the file gets dumped into the public file system. It happens even if private files have 777 permissions. It doesn't happen when uploading through a file field. It only happens when uploading through media browser.
Comment | File | Size | Author |
---|---|---|---|
#5 | media_wysiwyg_private_file_directory.png | 84.11 KB | chrisgross |
Comments
Comment #2
joseph.olstadthere's a file_entity patch that allows token configuration for upload directory
#1997208-32: Specify a fixed custom file directory for use with the /file/add form
FIRST, apply the above mentioned patch to the file_entity module, then, in the file_entity configuration for the default upload directory configuration
/admin/config/media/file-settings
you can add something like[current-date:custom:Y]/[current-date:custom:m]/[current-date:custom:d]
Comment #3
chrisgross CreditAttribution: chrisgross commentedThis issue is referring to uploads via the media browser from a WYSIWYG editor, which I also mentioned in the related issue. The patch above does not address this.
Comment #4
chrisgross CreditAttribution: chrisgross commentedComment #5
chrisgross CreditAttribution: chrisgross commentedThis is the setting I am referring to. It already exists and it is badly broken. It results in the error
File public://files-[token]/filename.png could not be copied, because the destination directory private://files-[token] is not configured correctly.
This is a critical security vulnerability, but no maintainer seems to be taking it seriously, as it has gone unaddressed for months, despite many new versions being released. I originally reported it in 1327524 over six months ago. I haven't written a patch because I don't know how to fix it.Comment #6
joseph.olstadI believe I tested this recently and it worked for me but I will have another look
Comment #7
joseph.olstadadding some possibly related issues.
For my clients I've set up some custom glue modules to handle organizing which folders to upload files to (depending on type of file and where they're used.
This would be for 'out of the box' type configuration.
WayneDyck is pretty happy with this token solution but not exactly the same requirement.
#1997208-36: Specify a fixed custom file directory for use with the /file/add form
Comment #8
joseph.olstadHard to say if this is a bug report or not, it may just be server configuration. Also, it's not clear if this functionality ever worked for any version for the use case scenario described by Chrisgross. For now it's a support request.
Comment #9
joseph.olstadGenerally, to configure private folders it's important to know that a private folder usually means that it would be outside of the webroot but still writeable by the webserver, read permissions processed by the web application according to the permissions configured. A lot of things can go wrong if one doesn't configure the filesystem permissions correctly. Also, details about operating system, filesystem version, web server version and type would be helpful.
Comment #10
joseph.olstadHi Chris, it appears that this is not a media issue, but rather a core issue.
You're in luck, there is a patch available.
#2211657-7: file_unmanaged_copy not working properly when the destination directory does not exist.
Apply this patch to core and see if it helps. Meanwhile I am going to test it myself, I believe patch #7 is for D7.
Should the core patch not work for you, check these issues about folder permissions.
#1588056-16: The specified file temporary://filet8OKMQ could not be copied, because the destination directory is not properly configured
https://www.drupal.org/node/2180519#comment-12158888
https://www.drupal.org/node/2546328#comment-12034390
#2546328-3: The specified file temporary://file could not be copied, because the destination directory is not properly configured. Thi
#1910564-3: File temporary://name could not be copied, because the destination directory public://js//wysiwyg is not configured correctly
Comment #11
joseph.olstadComment #12
chrisgross CreditAttribution: chrisgross commentedIt looks like that core patch does indeed fix the issue for me on my local install. So that must mean that file field uploads do not use the core functionality, but rather their own, as they do not suffer from this bug. The fact that this is a core issue is interesting, because that possibly means that the custom upload directories in this module may never worked for private files and I can't help but wonder if it was ever tested before being committed.
I still need to test this on my Pantheon host, because as I mentioned, I had tried this will global permissions on my whole web root and it still failed, meaning it likely has nothing to do with server config. I will report back, to make sure.
Comment #13
joseph.olstadHi Chrisgross , please post the details about your successful test results in the related core issue #2211657: file_unmanaged_copy not working properly when the destination directory does not exist.
The only way the core issue will get fixed is if it gets enough attention , basically a simpletest has to be written for the test case , but at least if you could post your results saying that the core patch is good (patch 7 #2211657-7: file_unmanaged_copy not working properly when the destination directory does not exist.
)
then perhaps it'll get some additional attention. Also, your feedback will bump the issue back to the top of the queue.
Comment #14
joseph.olstadComment #15
chrisgross CreditAttribution: chrisgross commentedThis does not completely resolve the issue. Yes, the file ends up in the right place in the filesystem, but instead of just moving the file, it seems like media is copying it and deleting the original, resulting in the copied file having a different fid, thus a broken image once the node is saved.
1. Upload image to private file system in WYSIWYG via Media.
2. Image uploads to private system, appears correctly in WYSIWYG.
3. Save the node.
4. When viewing node, image is broken. Fid in WYSIWYG no longer matches up with that of uploaded file.
Update: This seems to be occurring erratically and inconsistently. I will report back.
Comment #16
chrisgross CreditAttribution: chrisgross commentedComment #17
joseph.olstadHi Chris, thanks for the detailed summary. If possible, could you please debug the code and indicate if the actual code making a new fid is either a) the core patch , b) file_entity , or c) media
and which function is doing this.
here's how to make a backtrace, (which functions are called , in the order of which they were called)
backtrace code comes in handy. The file should be created in the web root.
Another approach if you want it in your browser:
Here is an example of some output:
Debugging core errors that might not really be core errors
https://www.drupal.org/node/2487462#comment-11872110
Keeping a log
Using a function like this, you can keep appending a log. (usually written to the root folder of your site) The log is best viewed using an editor where you will be prompted automatically to reload. When you're wanting to see a fresh log, then just select-all, delete and save.
then in some module, you'll put this line in:
Quick debugging with watchdog.
Sometimes all you need is this.
//When you want to debug something, and dpm isn't doing it for you, then you should use this:
Comment #18
chrisgross CreditAttribution: chrisgross commentedPer my previous edit, it seems the solution not working may have been caused by a delay on Pantheon's servers, perhaps because of their uses of multiple containers per site. It seems to be working now, but I need to do some more testing.
Comment #19
joseph.olstadAssuming the silence means the issue is resolved.
should you experience this issue, please try the available core patch.
https://www.drupal.org/files/issues/create-directory-on-file-copy-221165...
Comment #20
joseph.olstadupdate for this, there's an RTBC patch for D7 that you should use in place of the above patch.
see this patch description
#2789723-1: [D7 backport] drupal_mkdir does not set permissions to directories it created recursively
the actual patch:
https://www.drupal.org/files/issues/2789723-1.patch
There's hope that this patch could get into drupal core 7.60 or 7.57 ?
Comment #21
joseph.olstadupdating issue title
Comment #22
joseph.olstadworkaround /fix is to apply the RTBC core patch
marking as postponed on D7 core patch commit.
Comment #23
joseph.olstadComment #24
Chris Matthews CreditAttribution: Chris Matthews as a volunteer commentedRecent versions of media have resolved most of peoples concerns and is compatible with entity translation, multilingual and various advanced configurations. Due to the high volume of inactive and most often irrelevant issues we are Closing this as (outdated). If for whatever reason this issue is important to you AND you still have issues after checking the media recipe documentation, then let us know and we will review your concerns.
Otherwise, see the recipe documentation for how to configure media and for troubleshooting tips OR refer to the media_dev distribution if you want to see a working media setup.
As mentioned, feel free to make some noise in this issue if you still feel it is important to you or someone else.
Thanks,
Media team