Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem
With the 7.x-1.8 update I noticed that images from a taxonomy term image field are not rendering correctly, instead output url is /system/storage/serve/3637/banner-bg-managed-green.png
Images attached to nodes output the correct Rackspace CDN url.
The images work fine with all previous versions of Storage API.
How can I ensure that the taxonomy term image fields render correctly within the constraints of 7.x-1.8 security update, or should I just rollback to 7.x-1.7?
Thanks
Comments
Comment #2
Perignon CreditAttribution: Perignon commentedThe code changes in 1.8 are very, very small. So small they could not affect your issue without som other module coming into play. The changes in 1.8 are checking for permission to access a file.
Comment #3
waako CreditAttribution: waako commentedThanks for the reply, I appreciate the changes are small.
However, I wonder if in this case the change on line 433 of core_bridge/storage_core_bridge.module from
if (!$file_usage || ($file_usage['type'] != 'node')) {
toif (!$file_usage) {
is causing the issue because of the way the banner is built:I thought that maybe due to taxonomy terms having no access control and that it is attached to the node, removing the
$file_usage['type'] != 'node'
would stop it displaying?If I restore that line to what it was in 1.7 then the taxonomy term image displays without any problem.
Thanks for your time, really appreciate it.
Comment #4
Perignon CreditAttribution: Perignon commentedPotentially. Your field is attached to an entity that is not of type node. Before 1.8, there were only security checks on fields displayed on nodes, this could have created serious security issues on websites. Version 1.8 sealed up this security hole. Before 1.8 your field passed through without being checked, now every field (except styled images) are verified. Is this a styled image?
I would check the settings on the field for the taxonomy entities in Storage API. Make sure they are correct for what you need. Most notably, see if there is access protection enabled.
One thing to note, the Rackspace code is old. It uses the old version of the API. It has not been updated because they did not offer a free level of account to use at the time I was working on updates. That may have changed now.