Platinum sponsors
Extension Key: alternet_securelink
Copyright 2000-2002, alterNET, <typo3@alternet.nl>
This document is published under the Open Content License
available from http://www.opencontent.org/opl.shtml
The content of this document is related to TYPO3
- a GNU/GPL CMS/Framework available from www.typo3.com
Note: This extension was originally made by Christian Zenz, but altered by alterNET to work with TYPO3 4.0
Important: This extension only work for links to the fileadmin folder in a "Typical page content", not for the
"Special element -> FileLinks" !!!
In the default installation of typo3 every user can download files within the fileadmin folder when he knows
the path to a file.
In our environment was a demant to dispatch documents only to authorized users.
The extension wrap every link in a tt_content (text,...) to the fileadmin folder at the rendering process. A link
is wrapped into a link to the pushFile.php script with the content id and the orginal file path as parameter.
Example:
Wrap:<a href="/fileadmin/file.txt">filename</a> to:<a href="/typo3conf/ext/alternet_securelink/pushFile.php?cuid=123&file=fileadmin%2Ffile.txt">filename</a>
The pushFile.php script test, if the access to the content element with id 'cuid' grant (check also the root path
for access and hidden pages) and if the content not hidden. It tests also, if the filepath who, get as parameter
'file', exist in the tt_content with id 'cuid'. Was the test successful, then the script read the file and push it
to the browser. The user get the standart dialog for open or safe the file.
The extension doesn`t manipulate anything in and at the database!!!
Don't forget to deny the direct accsess to the fileadmin folder!
Thats it.
If you found bugs, pleas send us feedback.
mailto: typo3@alternet.nl
