IMCE 2 makes some very good inroads towards proper file management, including hook_file() support and reference counting. In #830696: IMCE integration improvements, ufku suggested enabling all IMCE features like uploading and file deletion when using the 2.x version of the module. I think that IMCE is still a little too liberal with its options (such as allowing uploads to be created anywhere) such that some control is still needed to prevent unwanted creation of thumbnails and uploading of files.

So in order to enable uploading/deletion in IMCE 2, I think we just need a few configuration options in the IMCE FileField Source settings:

IMCE Mode:
(•) File browser only
( ) Full IMCE profile (uploading, deletion, thumbnails, etc. if allowed)

Fine-grain control of options would be locked down through the normal IMCE profile settings.


quicksketch’s picture

After checking the IMCE 2 options further, I see that you can restrict functionality per-directory, but setting up IMCE to only allow uploading in the proper FileField upload directory per-field would still be a pretty big hassle. It seems to me that the IMCE FileField Source should be responsible for restricting uploading/deletion to the FileField upload path, rather than requiring the user to set up matching configuration options at admin/settings/imce for each field.

ufku’s picture

Attached is a patch for demonstrating how IMCE settings can be overridden by field settings for field upload directory.

This is the IMCE profile process function used in the patch.

 * Post process IMCE 6.x-2.x profile.
function filefield_source_imce_custom_process2(&$imce) {
  // Load field settings.
  $field = content_fields(arg(3), arg(2));
  $options = $field['widget'];

  // Get field upload directory relative to drupal's file directory.
  if ($options['file_path'] == '') {
    $field_dir = '.';
  else {
    $path = filefield_widget_file_path($field);
    $field_dir = substr($path, strlen(file_directory_path()) + 1);

  // Apply field restrictions for field upload directory.
  if ($field_dir == $imce['dir']) {
    // Upload restrictions
    if (!empty($imce['perm']['upload'])) {
      // Allowed file extensions
      $imce['extensions'] = $options['file_extensions'] == '' ? '*' : $options['file_extensions'];
      // Allowed file size
      $imce['filesize'] = parse_size($options['max_filesize_per_file']);
    // Continue restricting....

ufku’s picture

IMO, if a restriction is to be applied it should
- cover all the field's settings
- disable directory navigation
- enable uploading to the field directory even if IMCE profile does not allow
- disable all IMCE permissions except upload.

This is the only way to mimic the default upload widget.
If this not our goal, then i'm for disabling all restrictions.

ufku’s picture

I think there should be a IMCE mode setting, as you suggested.

- full IMCE
- file browser (shows only the field directory and works for everyone regardless of IMCE permissions)

quicksketch’s picture

If we make the options for "Full" or "Browser only", would it make sense to allow uploading and deletion within that restricted directory also? Since they can't delete any files that are in use by other nodes, it's not very dangerous. Then again, having the ability to delete but not have it work for most files isn't very useful either.

So far I completely agree with all your ideas. If restricting down the browser, it should essentially function the same as the "Reference Existing" auto-complete field, but with a visual interface.

geerlingguy’s picture

I'm fully behind the ideas in #3 - that would be perfect!

Ryan Weal’s picture

This setting would be a great add-on. I am migrating from imceimage and the lack of buttons in the imce window coming from filefield_sources is a pain. I also use imce_crop and sometimes imce_mkdir... both things that could be useful if the upload button reappears.

Also, the theme seems to be overridden as well. I'm already theming imce with imce_kama so as part of the "full experience" can we allow external imce themes to be applied too? I thought that was working with v 1.1 but I could be mistaken.


agerson’s picture

I too am coming from imceimage and we really miss the resize options. I am all for this feature.

arlinsandbulte’s picture

+1... to full IMCE integration (upload, delete, mkdir).
AND, if this gets implemented, an option should be added so the default upload widget can be disabled (see attached screen shot), but that is probably another issue: #898002: IMCE integration UX improvements.

Is there any technical reason that IMCE upload directory needs to be the same as the filefield upload directory?
I think the IMCE permission options could be kept as is... if the admin wishes, they could restrict the permissions using the normal IMCE settings.

valderama’s picture


The things ufku mentioned in#3 would allow a strong file management solution with field_field and IMCE. Therfor I hope that setting will be available soon.

PS: If someone needs full IMCE functionality from within file_field one could try the patch by ufku here:

ufku’s picture

Status: Active » Needs review
6.16 KB

This patch introduces 2 browser modes:

1- Restricted:
- The only available directory is the field directory (even if it isn't defined in IMCE profiles).
- File list contains only the field files. (like in auto-complete reference)
- No file operations are allowed.

2- Full:
- Directories are defined by IMCE profiles.
- File list contains only the files that exist in DB.
- File operations are allowed for only IMCE6.x-2.x or above.

A third mode allowing upload to field directory by inheriting field settings was canceled because it was getting too complex.

BarwonHack’s picture


shopdogg’s picture


MiMe’s picture

Great patch!

The only thing I'm missing is an option where you can enable/disable the default Upload so that File browser takes over completely.
With Upload still in place users will get confused on which one to use, especially since the Upload is the default one.

Oh, and if you are using private files in Drupal you might want to check out my patch for imagefield #931540: Images have wrong path when using private files and absolute Windows file directory

kendouglass’s picture

I have been using patch #11 by ufku on a few sites and it appears to work fine in both browser modes. It makes FileField Sources much more useful. Thank you!

dubois’s picture

I second #14 by MiMe. I'd like to offer my users an integrated image management interface across fields with filefield_sources and in WYSIWYG editing - entirely replacing the upload module with IMCE.

redkilian’s picture


mansspams’s picture

subscribing. #11 works.

ikeigenwijs’s picture


mansspams’s picture

Status: Needs review » Reviewed & tested by the community
spgd01’s picture


jhedstrom’s picture

Here is the same patch as in #11, but made from the module root instead of the sources subdirectory.

yang_yi_cn’s picture

#11 works for me.

Actually I prefer using IMCE to manage files instead of automatically create directory by filefield. In my case I'm migrating from an old site with was using imceimage and there are about 6,000 image files created by the content team. The images are already organized by directories and sub-directories, and there are about 500 directories. I don't think filefield is smart enough to manage these files in a better structure.

oliveyrc’s picture

Component: Code » General


nateB’s picture

Is this patch applicable, or working, in the latest 6x-1.4 build of the module?

axooh’s picture


What about a patch for Drupal 7?

ufku’s picture

Here are the latest patches for 6.x and 7.x.
6.x is almost the same as the previous patch.

I've also attached files for those who don't know how to apply patches.

paskainos’s picture


jayson’s picture


jaypark’s picture

applied the patch in #27 - getting this warning when attempting to upload via imce:

warning: imagejpeg() [function.imagejpeg]: SAFE MODE Restriction in effect. The script whose uid is 0 is not allowed to access /var/www/vhosts/ owned by uid 48 in /var/www/vhosts/ on line 66.
warning: imagejpeg() [function.imagejpeg]: Invalid filename in /var/www/vhosts/ on line 66.

dwalker51’s picture


momper’s picture


deshiknaves’s picture


tsvenson’s picture

Subbing, this will greatly improve productivity for content authors.

ufku’s picture

It would be very helpful if subscribers also reviewed the patches supplied in #27.

tsvenson’s picture

@ufku: That's my plan, just need to finish up some other related stuff before. Plan is to test the patch tomorrow.

momper’s picture


weekbeforenext’s picture

I replaced the sources/ file with #27. It seems to be working well.

Ireneo’s picture

Hi, I replaced the .inc file and selected "Full: Browsable directories are defined by IMCE configuration profiles" but when I go to the IMCE configuration page, the only definable browsable directories appear to be in the sites/default/files/ directory which is no different than before. What am I missing?

decibel.places’s picture

I also require the IMCE functions upload and especially crop and resize - so the 6x patch in #27 works for me!

For the record, some plugins for IMCE exist that address some of the security concerns that led to the decision to disable all IMCE functions in filefield_sources except for Browse and Insert:

IMCE Tools (part of the project)
IMCE Directory Manager
This module provides an interface for specifying which directories a user can access via the IMCE module. It is useful when you have users which have the same Drupal roles but need to be confined to directories which can not be derived from user data.
IMCE Search
This module provides a search box on the IMCE interface for searching the files table based on current directory path. This won’t find all files uploaded matching the search criteria but it will find any recorded in the files table.
IMCE File Path
This module provides a status bar type interface in the IMCE window listing the path to a file which makes it easy to build a link to a file instead of embedding it.

IMCE Mkdir
IMCE Mkdir allows users to create and delete sub-directories under directories assigned by IMCE.

IMCE Rename

decibel.places’s picture


be sure to create an IMCE profile with the directory permissions you need AND assign it to a role at admin/settings/imce

code-brighton’s picture

I used the patch in #27 and worked for me. Thank you ufku.

But I also had to make changes sited here: due to the following error when trying to upload some files "The selected file could not be used because the file does not exist in the database"

All works now.

Gergely Varga’s picture


tostinni’s picture

#27 works great on D7, thanks ufku.

decibel.places’s picture

FYI, We have shifted the image crop and resize functions to the Imagefield Focus module

Using Filefield Sources there is an upload option too. If you need to be able to delete existing/uploaded files, then IMCE with the patch in #27 is good option

spgd01’s picture


NetWorks’s picture

Version: 6.x-1.x-dev » 7.x-1.4

i deleted my post: think before posting! ^^

kerios83’s picture

patch from #27 is working with 7.x.1.5 ? There is no file in the package so attached files in #27 won't work... You also cant choose Version -> 7.x.1.5 in Edit issue settings.

@ufku can u Attach property files for version 7.x.1.5 ? Thx.

Draco’s picture

Version: 7.x-1.4 » 6.x-1.4
Component: General » Source: IMCE
Category: feature » bug
Status: Reviewed & tested by the community » Active

#27 not work for me
Please, can you tell me about this code:

 * Scan directory and return file list, subdirectories, and total size for Full Mode.
function filefield_source_imce_custom_scan_full($dirname, &$imce) {
  // Get a list of files in the database for this directory.
  $sql_dir_name = $dirname == '.' ? file_directory_path() : file_directory_path() .'/'. $dirname;

  $result = db_query("SELECT filepath FROM {files} WHERE filepath LIKE '%s' AND filepath NOT LIKE '%s'", $sql_dir_name .'/%', $sql_dir_name .'/%/%');
  $db_files = array();
  while ($row = db_fetch_object($result)) {
    $db_files[basename($row->filepath)] = 1;

  // Get the default IMCE directory scan, then filter down to database files.
  $directory = imce_scan_directory($dirname);
  foreach ($directory['files'] as $filename => $file) {
    if (!isset($db_files[$filename])) {
      $directory['dirsize'] -= $file['size'];

  // Disable file operations for IMCE 6.x-1.x
  if (!module_hook('imce', 'file_references')) {
    filefield_source_imce_disable_perms($imce, array('browse', 'subnav'));

  return $directory;

Why apply filter to the default IMCE directory scan?
This is move lose files uploaded by FTP

ufku’s picture

Version: 6.x-1.4 » 7.x-1.x-dev
Category: bug » feature
Status: Active » Reviewed & tested by the community

@Draco, a file must be registered in db in order to be used in a file field. That's why there is a db filtering.
OTH, the patches in #27 do not aim to solve FTP file issue. They are provided to allow file operations in IMCE by introducing a Full Mode browser which has to be activated in field settings.

@quicksketch, can you please share your ideas on these patches? It's been a long time and many reviews. Any chance they can get committed?

Draco’s picture

Ok. Any ideas about loses FTP file issue?

ufku’s picture

I've created a sandbox project to solve all IMCE-filefield issues. It's a standalone module independent of filefield sources. I may promote it to a full project if it gets enough attention.

It's now a full project.

mariomaric’s picture

@ufku: so, your sandbox project is replacement for FileField Sources module when people want to use IMCE w/ FileField?

Cool, will try it this weekend..

garbo’s picture

@ ufku: I tested your sandbox a on 6.x and it seems to work well. Applied it together with the patch from #27.

mariomaric’s picture

@ufku: I posted my feedback in #1383988: "Add a new file" forms disappear issue..


kressin’s picture

File field works great with 7.12. Thanks a lot for the module, it was just what I needed. Great work. I am not sure if I missed the issue mentioned @#14 concerning deactivating standard upload and using IMCE instead. I had the issue of users uploading with standard upload and (of course) not finding the files in IMCE. It led to some confusion so I would like to bring up the topic again of a method to deactivate standard upload. Any ideas?

decibel.places’s picture


perhaps you could unset the upload with hook_form_alter

or hide it with CSS and/or jQuery (note: may not be standards-compliant for accessibility)

BioALIEN’s picture

My comments on #436182: IMCE lists unusable files (The selected file could not be used because the file does not exist in the database) are directly related to this issue. ufku seems to have a working solution so why not merge these patches into FileField Sources?

kerios83’s picture

Interesting idea.

mpotter’s picture

#27 working for me here on v7.12. Really seems like it's time to get this patch committed!

Just a minor whitespace issue:

filefield_sources-7.x-877452-27.patch:21: trailing whitespace.
      '#type' => 'radios', 
warning: 1 line adds whitespace errors.
ingram87’s picture

@kressin #56
I would like to see a way to remove the standard upload field/button and force the user to use IMCE as well

mpotter’s picture

Status: Reviewed & tested by the community » Needs review
6.62 KB

Actually, I have an important change to this patch:

Without Filefield Sources installed, IMCE shows all buttons (from various other modules, such as IMCE Tools as discussed in #40). After installing Filefield Sources, even with the patch in #27 installed, these buttons are removed by default, impacting other modules that hook into File Fields.

The proper operation of FileField Sources would be that File fields with no Sources selected should continue to work as they did before FileField Sources was installed. That can be accomplished with the patch in this issue if the default IMCE Mode is set to FULL instead of Restricted.

The patch included here is a simple re-roll of #27 with the default IMCE Mode set to Full instead of Restricted. This allows a site to continue working as expected after FileField Sources is installed.

Setting this back to Needs Review to allow more comments on this change of default behavior.

Andrew M Riley’s picture

The patch in #62 worked for me against dev. There was a warning about a trailing space on line 49 so I fixed it and re-rolled the patch.

Agileware’s picture

#63 works for me, thanks!

Ayesh’s picture

#63 + the patch at worked for me!

quicksketch’s picture

Status: Needs review » Fixed

Over a year later, I've finally committed ufku's #27. Sorry everyone I've been occupied with other modules. FileField Sources always was sort of an experiment that I thought was kind of cool but didn't think would be as popular as it became gain this much attention (and all the maintenance that entails).

Regarding @mpotter's #62 (and the followup #63) patch, IMCE *does* continue to behave exactly like before FileField Sources is installed, it's only that IMCE behaves more conservatively when used on a FileField. Since there isn't an IMCE browser on FileFields before FileField Source is enabled, there's no need to maintain consistency with something that didn't exist beforehand.

I still prefer the restricted mode and think it makes the most sense for FileField users, but since I last experimented with IMCE a lot of the caveats it used to have are now corrected. You can't just delete files that are in use elsewhere, it properly tracks its own file usages now, etc. I know ufku fixed those problems a *long* time ago, but I don't regularly use IMCE on my own sites to see the improvements.

In any case, committed to both branches. There will be a new release out later this week.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Agileware’s picture

@quicksketch - any chance you can pls push out a release which includes this fix?

quicksketch’s picture

The 1.6 version includes these changes.

mxh’s picture

FileField Sources always was sort of an experiment that I thought was kind of cool but didn't think would be as popular as it became gain this much attention

Those ideas are often the big ones. Many thanks to your awesome work.