mirror of
https://github.com/silverstripe/silverstripe-dms
synced 2024-10-22 14:05:56 +02:00
ENHANCEMENT: protecting the "dms-assets" folder from web access
This commit is contained in:
parent
c44434d498
commit
c571d5bc8d
13
code/DMS.php
13
code/DMS.php
@ -6,7 +6,6 @@ class DMS implements DMSInterface {
|
|||||||
//How many documents to store in a single folder. The square of this number is the maximum number of documents.
|
//How many documents to store in a single folder. The square of this number is the maximum number of documents.
|
||||||
//The number should be a multiple of 10
|
//The number should be a multiple of 10
|
||||||
static $dmsFolderSize = 1000;
|
static $dmsFolderSize = 1000;
|
||||||
static $dmsPath; //DMS path set on creation
|
|
||||||
static $modelClass = 'DMSDocument';
|
static $modelClass = 'DMSDocument';
|
||||||
|
|
||||||
static function set_model_class($className){
|
static function set_model_class($className){
|
||||||
@ -20,10 +19,18 @@ class DMS implements DMSInterface {
|
|||||||
* @return DMSInterface An instance of the Document Management System
|
* @return DMSInterface An instance of the Document Management System
|
||||||
*/
|
*/
|
||||||
static function getDMSInstance() {
|
static function getDMSInstance() {
|
||||||
self::$dmsPath = BASE_PATH . DIRECTORY_SEPARATOR . self::$dmsFolder;
|
$dmsPath = self::get_DMS_path();
|
||||||
|
|
||||||
$dms = new DMS();
|
$dms = new DMS();
|
||||||
self::createStorageFolder(self::get_DMS_path());
|
if (!is_dir($dmsPath)) {
|
||||||
|
self::createStorageFolder($dmsPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!file_exists($dmsPath . DIRECTORY_SEPARATOR . '.htaccess')) {
|
||||||
|
//restrict access to the storage folder
|
||||||
|
copy(BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . '.htaccess', $dmsPath . DIRECTORY_SEPARATOR . '.htaccess');
|
||||||
|
copy(BASE_PATH . DIRECTORY_SEPARATOR . 'dms' . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR . 'web.config', $dmsPath . DIRECTORY_SEPARATOR . 'web.config');
|
||||||
|
}
|
||||||
return $dms;
|
return $dms;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
3
resources/.htaccess
Normal file
3
resources/.htaccess
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
<Files *>
|
||||||
|
Deny From All
|
||||||
|
</Files>
|
6
resources/web.config
Normal file
6
resources/web.config
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
<system.web>
|
||||||
|
<authorization>
|
||||||
|
<allow users="username">
|
||||||
|
<deny users="*"/>
|
||||||
|
</authorization>
|
||||||
|
</system.web>
|
Loading…
Reference in New Issue
Block a user