- 🇮🇹Italy Giuseppe87
I've updated the #5 patch, adding the deletion of the file after the send.
Otherwise the physical file would be still accessibile with the direct link to anyone.This also require the removal of
// If zip file is already present and node is not been changed since // Then just stream it directly. if (file_exists($file_path)) { $file_last_modified = filemtime($file_path); $node_changed = $node->getChangedTime(); if ($node_changed < $file_last_modified) { return $this->streamZipFile($file_path); } }Which definitely make the download less optimized.
I don't know if it would be worthy - and if it's possible - to have 2 different logic in case of public and private field files.
Being a 5 years old (security) issue, I'm putting in Needs Review, hoping it will move more quickly.