CouchCMS • View topic - Secure Image Not Showing in Twitter Cards

Problems, need help? Have a tip or advice? Post it here.

10 posts Page 1 of 1

Secure Image Not Showing in Twitter Cards

: setiawanfarlin; Registered User

: Posts: 128; Joined: Mon Apr 25, 2016 1:15 pm

by setiawanfarlin » Sun Jun 04, 2017 10:12 pm

Hello there,

Im wondering how to change secure image link in couch with .jpg or .png extention in the last link.
Because on twitter card the secure image not showing the image correctly.

Thanks in advance.

Re: Secure Image Not Showing in Twitter Cards

: KK; Moderator

: Posts: 8622; Joined: Wed Dec 01, 2010 5:35 pm

by KK » Mon Jun 05, 2017 1:16 am

Hi,

There is no out of the box solution for this, I am sorry.
Perhaps you can try using .htaccess rules to map the securefile links to the format you desire.

Re: Secure Image Not Showing in Twitter Cards

: trendoman; Registered User

: Posts: 2847; Joined: Thu May 22, 2014 3:57 pm

by trendoman » Mon Jun 05, 2017 2:29 am

@KK, would a direct file path be a huge security hole?

Re: Secure Image Not Showing in Twitter Cards

: setiawanfarlin; Registered User

: Posts: 128; Joined: Mon Apr 25, 2016 1:15 pm

by setiawanfarlin » Tue Jun 06, 2017 4:40 am

KK wrote: Hi,

There is no out of the box solution for this, I am sorry.
Perhaps you can try using .htaccess rules to map the securefile links to the format you desire.

Thanks for the reply.

It's ok kk, i will try this one.

Thank you very much.

Re: Secure Image Not Showing in Twitter Cards

: setiawanfarlin; Registered User

: Posts: 128; Joined: Mon Apr 25, 2016 1:15 pm

by setiawanfarlin » Tue Jun 06, 2017 4:48 am

trendoman wrote: @KK, would a direct file path be a huge security hole?

Hello trendoman,

Same thought here, but at least i can try since no other way to do that.

Thanks for the respond.

Re: Secure Image Not Showing in Twitter Cards

: setiawanfarlin; Registered User

: Posts: 128; Joined: Mon Apr 25, 2016 1:15 pm

by setiawanfarlin » Tue Jun 06, 2017 5:09 am

setiawanfarlin wrote:
KK wrote: Hi,

There is no out of the box solution for this, I am sorry.
Perhaps you can try using .htaccess rules to map the securefile links to the format you desire.

How to do the htaccess hack KK? I dont have an idea at all:D

Thanks.

Re: Secure Image Not Showing in Twitter Cards

: KK; Moderator

: Posts: 8622; Joined: Wed Dec 01, 2010 5:35 pm

by KK » Tue Jun 06, 2017 3:41 pm

@trendoman

@KK, would a direct file path be a huge security hole?

The location of the folder storing the uploaded attachments will certainly be divulged but, I think, if we make sure that it is not browsable directly we should be ok (the names of all files uploaded using securefile will be hashed so one cannot access any simply by knowing the folder location).

To test it, try navigating to the 'attachments' folder (by default within 'couch/uploads' but the location can be changed from config). If you are not shown a listing of all contained files (you really shouldn't if the folder is in the original location), we can proceed. If, however, you do happen to get a listing, please place a .htaccess file within the folder containing the following line -

Code: Select all

Options -Indexes

Alternatively, simply copy 'couch/.htaccess' file and paste it into the 'attachments' folder as it contains the same directive.

OK, with that done, we can now use the 'un-obfuscated' links/paths of the uploaded files. Here is how we can do that -
Normally while working with securefiles, we use <cms:cloak_url> to output the links as follows

Code: Select all

<cms:show_securefile 'imagefile' >
    <cms:if file_is_image >
        <a href="<cms:cloak_url link=file_id />">
            <img src="<cms:cloak_url link=file_id  />" />
        </a>
    </cms:if>
</cms:show_securefile>

Substitute the <cms:cloak_url /> tag with <cms:securefile_link> tag as follows and you should now get the direct links to the files -

Code: Select all

<cms:show_securefile 'imagefile' >
    <cms:if file_is_image >
        <a href="<cms:securefile_link file_id />">
            <img src="<cms:securefile_link file_id />" />
        </a>
    </cms:if>
</cms:show_securefile>

Since this is the first reference to <cms:securefile_link> on the forum, allow me to take the opportunity to add more info about it (will serve as ad-hoc documentation).

Code: Select all

// securefile link uncloaked
<cms:securefile_link '32' /> 
<cms:securefile_link id='32' />  // http://somesite.com/couch/uploads/attachments/9e92db13d0cb40cb7003c070c3ce1dc7.jpg 
<cms:securefile_link id='32' physical_path='1' />  // W:/www/couch/uploads/attachments/9e92db13d0cb40cb7003c070c3ce1dc7.jpg 
<cms:securefile_link id='32' thumbnail='1' /> // ditto but for thumbnails
<cms:securefile_link id='32' thumbnail='1' physical_path='1' />

A real life example -

Code: Select all

<cms:show_securefile 'sfile' >
    <cms:if file_is_image >
        <cms:set my_image_link = "<cms:securefile_link file_id />" />
        <cms:set my_thumb_link = "<cms:securefile_link file_id  thumbnail='1' />" />
        
        <a href="<cms:show my_image_link />">
            <img src="<cms:show my_thumb_link />" />
        </a>
     <cms:else />   
        <cms:set my_file_link = "<cms:securefile_link file_id />" />
        <a href="<cms:show my_file_link />">
            Download <cms:show file_name />.<cms:show file_ext />
        </a>    
    </cms:if>
</cms:show_securefile>

@setiawanfarlin, please try using the real link for the images as shown above and let me know if it helps. Thanks.

P.S. If you happen to get a 'Tag not found error' while using this new tag, please download the latest version of Couch from GitHub -
https://github.com/CouchCMS/CouchCMS