diff --git a/docs/en/02_Developer_Guides/14_Files/05_File_Migration.md b/docs/en/02_Developer_Guides/14_Files/05_File_Migration.md index 1dcaa2f2b..9dcb0d3d7 100644 --- a/docs/en/02_Developer_Guides/14_Files/05_File_Migration.md +++ b/docs/en/02_Developer_Guides/14_Files/05_File_Migration.md @@ -108,6 +108,28 @@ Note that any File object which is not in the `File.allowed_extensions` config w from the database during migration. Any invalid file on the filesystem will not be deleted, but will no longer be attached to a dataobject anymore, and should be cleaned up manually. + +### If you were using the versionedfiles on your 3.x site + +If you have had [versionedfiles](https://github.com/symbiote/silverstripe-versionedfiles) module installed, it is very important to run +an extra task that would clean up the `_versions` folders. Otherwise, files in those folders may be left exposed to public access +through your web server via guessable URLs. This includes all the unpublished versions of your files. + +The task for the job is `VersionedFilesMigrationTask`, and you may run it as follows: + +`$ vendor/bin/sake dev/tasks/migrate-versionedfiles strategy=[delete|protect]` + +Before you run it, it is important to choose an appropriate strategy that suits your project best. + + - `delete` (default) - delete all `_versions` folders + - `protect` - create a protective `.htaccess` file in every `_versions` folder (Apache specific) + +If you choose `delete`, it may be wise to take a snapshot of your `public/assets` folder. +Shall you consider `protect` as the method, please beware that it may not always work, depending on your server setup. +In that case it is important to make sure your web server is Apache and that it allows `.htaccess` for all subfolders. + +## Automatic migration + To disable this, set the following config: ```yaml
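Review bot: In the paragraph on the `protect` strategy, the text says the `.htaccess` file "may not always work, depending on your server setup" but gives the reader no way to find out whether it did, so a site can finish the task with its `_versions` folders still publicly readable. Suggest adding a verification step after the command: request a known file under a `_versions` folder through the web server and confirm the request is refused. Also state outright that `delete` is the only strategy that closes the exposure when the server is not Apache or does not honour `.htaccess` in subfolders. Since `delete` is the default and is destructive, the advice to snapshot `public/assets` would read better placed before the command than after the strategy list. Two smaller points: the new `## Automatic migration` heading now sits directly above "To disable this, set the following config:", which leaves "this" without an antecedent under that heading, so the heading should either move above the text that introduces the automatic behaviour or the sentence should name what is being disabled. "Shall you consider `protect`" should read "Should you consider `protect`", and the section title should read "the versionedfiles module".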