Skip to content

Media firewall 3: Introduce media subhashes #7195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: v5/develop
Choose a base branch
from
Draft

Media firewall 3: Introduce media subhashes #7195

wants to merge 3 commits into from

Conversation

lukasbestle
Copy link
Member

Description

Summary of changes

  • Inside the media hash directory (/media/site/abcdefghij-1234567890), there is now another directory layer (e.g. /media/site/abcdefghij-1234567890/bcdefghija) to separate all individual files (the original and each thumb)
  • Transitional code is added so that all old media URLs stay valid until v6 (these are automatically redirected to the new URLs)
  • Existing media files and thumbs are automatically migrated to their new locations to avoid having to regenerate them

Reasoning

  • Prevent access to file versions (especially originals but also different thumb variants) by guessing the media URL (so far if you e.g. had /media/site/abcdefghij-1234567890/file-120x.jpg you could change the filename to file.jpg to access the original, which may not be intended by devs).
  • Using another directory layer makes sure that the filenames stay clean and don't need to include generated hashes.

Additional context

With the transitional and migration code, there shouldn't be a breaking impact to sites. But since there is already a lot going on in v5, I suggest we include this PR in 5.1 or 5.x. This ensures that users upgrading to v5 with a lot of media files and thumbs don't immediately run into performance problems when all those files are migrated.

Changelog

Enhancements

  • It is no longer possible to guess other URLs to file versions (uploaded file originals and their thumbnails) from a thumbnail URL.

Deprecated

  • The URL structure of media files (file URLs and thumb URLs) has changed. The old URL structure is still supported for now, but will be dropped in Kirby 6.

Breaking changes

None

Docs

None

Ready?

  • In-code documentation (wherever needed)
  • More robust migration code (currently not safe against race conditions when multiple requests migrate the same files at the same time)
  • Unit tests for fixed bug/feature
  • Tests and CI checks all pass

For review team

  • Add changes & docs to release notes draft in Notion

@lukasbestle lukasbestle added this to the 5.1.0 milestone May 10, 2025
@lukasbestle lukasbestle self-assigned this May 10, 2025
@lukasbestle lukasbestle added needs: delay ⏳️ Requires more time, on hold needs: tests 🧪 Requires missing tests labels May 10, 2025
@lukasbestle lukasbestle mentioned this pull request May 10, 2025
Merged
4 tasks
@lukasbestle lukasbestle force-pushed the v5/feature/media-firewall-2 branch from 8ca8ef4 to 0791516 Compare May 10, 2025 17:23
@lukasbestle
Introduce media subhashes
c59e26d 
Ensures that media URLs of different file versions or the original file cannot be guessed
@lukasbestle
Transitional code for 5.x
1f5ed8b
@lukasbestle lukasbestle force-pushed the feature/media-firewall-3 branch from 0a8c96e to 1f5ed8b Compare May 10, 2025 17:25
@bastianallgeier bastianallgeier force-pushed the v5/feature/media-firewall-2 branch from 0791516 to 5221bfc Compare May 13, 2025 13:02
Base automatically changed from v5/feature/media-firewall-2 to v5/develop May 14, 2025 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@lukasbestle lukasbestle

Labels
needs: delay ⏳️ Requires more time, on hold needs: tests 🧪 Requires missing tests
Milestone
5.1.0
Development

Successfully merging this pull request may close these issues.
1 participant
@lukasbestle