Problem

With the 7.x-1.8 update I noticed that images from a taxonomy term image field are not rendering correctly, instead output url is /system/storage/serve/3637/banner-bg-managed-green.png
Images attached to nodes output the correct Rackspace CDN url.

The images work fine with all previous versions of Storage API.

How can I ensure that the taxonomy term image fields render correctly within the constraints of 7.x-1.8 security update, or should I just rollback to 7.x-1.7?

Thanks

Comments

waako created an issue.

Perignon’s picture

Perignon CreditAttribution: Perignon commented

The code changes in 1.8 are very, very small. So small they could not affect your issue without som other module coming into play. The changes in 1.8 are checking for permission to access a file.

waako’s picture

waako CreditAttribution: waako commented

Thanks for the reply, I appreciate the changes are small.

However, I wonder if in this case the change on line 433 of core_bridge/storage_core_bridge.module from if (!$file_usage || ($file_usage['type'] != 'node')) { to if (!$file_usage) { is causing the issue because of the way the banner is built:

  • Taxonomy term: Background colour
    • - Term title
    • - Term background colour image


  • Content type: Banner
    • - Banner title
    • - Banner front image
    • - Background image (term reference field)


  • View: Banner, outputs banner fields on seperate node type



I thought that maybe due to taxonomy terms having no access control and that it is attached to the node, removing the $file_usage['type'] != 'node' would stop it displaying?
If I restore that line to what it was in 1.7 then the taxonomy term image displays without any problem.

Thanks for your time, really appreciate it.

Perignon’s picture

Perignon CreditAttribution: Perignon commented

Potentially. Your field is attached to an entity that is not of type node. Before 1.8, there were only security checks on fields displayed on nodes, this could have created serious security issues on websites. Version 1.8 sealed up this security hole. Before 1.8 your field passed through without being checked, now every field (except styled images) are verified. Is this a styled image?

I would check the settings on the field for the taxonomy entities in Storage API. Make sure they are correct for what you need. Most notably, see if there is access protection enabled.

One thing to note, the Rackspace code is old. It uses the old version of the API. It has not been updated because they did not offer a free level of account to use at the time I was working on updates. That may have changed now.