#6013 - Do not link directly to images/videos in gallery uploads folder
-
By PDStig
- Added
- 1 view
| Identifier | #6013 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Do not link directly to images/videos in gallery uploads folder |
| Status | Open |
| Tags |
Roadmap: Over the horizon (custom) |
| Handling member | Deleted |
| Addon | galleries |
| Description | There is a potential permissions leak. If someone knew the direct path to an image or video in a gallery, they could access it regardless of permissions.
We should ideally patch that: - Deny direct access to these files. - Add a data endpoint to access these files instead (which runs permissions checks) We may need to be careful of performance overhead doing this. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet