search

Karmabunny / sprout3

SproutCMS: content management and framework
http://getsproutcms.com
GNU General Public License v2.0
24 stars 3 forks source link

Form builder upload improvements #25

Open carbsrule opened 7 years ago

carbsrule commented 7 years ago

@TheJosh says:

  • [ ] Support storing files in protected storage (i.e. they can't be accessed via a public URL like http://server/files/form_submissions/* with no authentication)
  • [ ] Do something about images with giant dimensions -- they are probably OK; we just can't show a thumbnail preview because the server will run out of memory if it attempts to do so.
carbsrule commented 7 years ago

@andrew-kb says:

Support storing files in protected storage nginx supports [https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/](X-Accel headers) for internal redirection to protected directories which would provide excellent performance for this feature. All the normal HTTP features are supported, e.g. range headers, without all the overhead of PHP pass-through.

e.g. in nginx.conf

location /secure {
    internal;
    root /path/to/some/normally/inaccessible/files;
}

PHP Controller or whatever

<?php
$file = getFileFromWhatever($_GET['whatever']);
/* Some logic to stop the wrong people from accessing the file */

header('X-Accel-Redirect: /secure/' . $file['path']);
header('X-Accel-Buffering: no');
carbsrule commented 7 years ago

Sounds alright but obviously needs to handle the files itself for other web servers

carbsrule commented 7 years ago

@TheJosh says:

I've got code hanging around for handling the HTTP 'Range:' header.

This makes downloading of large files MUCH more possible.