Hamish,
I have setup a secured folder using your Secure Files module. I login with a user with access permissions to this secured folder and try to download an image within this folder. Next, the file is downloaded like thumb1.jpg.html (with html behind it) and when I open that html file I can see the error message below:
[Notice] ob_flush() [ref.outcontrol]: failed to flush buffer. No buffer to flush.
GET /mywebsite.com/www/assets/Secure-folder/thumb1.jpg
Line 170 in /Sites/mywebsite.com/www/securefiles/code/SecureFileController.php
Source
161 header("Content-Length: {$file_size}");
162 header("Pragma: ");
163
164 if(self::$use_x_sendfile) {
165 session_write_close();
166 header('X-Sendfile: '.$file_path);
167 exit();
168 } elseif($filePointer = fopen($file_path, 'rb')) {
169 session_write_close();
170 ob_flush();
171 flush();
172 // Push the file while not EOF and connection exists
173 while(!feof($filePointer) && !connection_aborted()) {
174 print(fread($filePointer, 1024 * self::$chuck_size_kb));
175 ob_flush();
176 flush();
I have tested this with the following Secure Files _config.php:
<?php
/**
* Secure Files Module Configuration
*
* @package securefiles
* @author Hamish Campbell <hn.campbell@gmail.com>
* @copyright copyright (c) 2010, Hamish Campbell
*/
Director::addRules(50, array(ASSETS_DIR . '/$Action' => 'SecureFileController'));
AssetAdmin::require_css('securefiles/css/SecureFiles.css');
// -------------------------------
/**
* Apply optional permission methods here. Include them in the reverse
* order that you would like them to appear in the CMS.
*/
// Assign file security by individual member:
DataObject::add_extension('File', 'SecureFileMemberPermissionDecorator');
// Assign file security by member group:
DataObject::add_extension('File', 'SecureFileGroupPermissionDecorator');
// Create time-limited access tokens:
// DataObject::add_extension('File', 'SecureFileTokenPermissionDecorator');
// -------------------------------
DataObject::add_extension('File', 'SecureFileDecorator');
/**
* For large files or heavily trafficed sites use x-sendfile headers to by-pass
* file handling in PHP. Supported in lighttpd and in Apache with mod_xsendfile
* available at http://tn123.ath.cx/mod_xsendfile/
*/
// SecureFileController::use_x_sendfile_method();
/**
* For testing or debug purposes, you can force this module to use the internal
* Sapphire send file method. Not recommended for production sites.
*/
// SecureFileController::use_ss_sendfile_method();
PS. Am on localhost:8888 using MAMP.