View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006013 | Composr | galleries | public | 2024-10-23 22:19 | 2024-10-30 04:44 |
| Reporter | Patrick Schmalstig | Assigned To | |||
| Severity | Feature-request | ||||
| Status | non-assigned | Resolution | open | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0006013: Do not link directly to images/videos in gallery uploads folder | ||||
| Description | There is a potential permissions leak. If someone knew the direct path to an image or video in a gallery, they could access it regardless of permissions. We should ideally patch that: - Deny direct access to these files. - Add a data endpoint to access these files instead (which runs permissions checks) We may need to be careful of performance overhead doing this. | ||||
| Tags | Roadmap: Over the horizon | ||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-10-23 22:19 | Patrick Schmalstig | New Issue | |
| 2024-10-23 22:19 | Patrick Schmalstig | Tag Attached: Roadmap: Over the horizon |
