[Bug 25227] New: Hotlinks to files work for users who can't display the [restricted] file description

bugzilla-daemon Mon, 20 Sep 2010 10:18:55 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=25227


           Summary: Hotlinks to files work for users who can't display the
                    [restricted] file description
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Normal
         Component: SimpleSecurity
        AssignedTo: a...@organicdesign.co.nz
        ReportedBy: federicol...@tiscali.it


E.g. http://www.wikimedia.it/index.php/File:IntervisteMantova2010.mp3 is
restricted (log:
http://www.wikimedia.it/index.php?title=Speciale:Registri&page=File%3AIntervisteMantova2010.mp3
) but you can still download it from even as a logged out user:
http://www.wikimedia.it/images/IntervisteMantova2010.mp3
This should be the problem mentioned here:
http://www.mediawiki.org/wiki/Extension_talk:SimpleSecurity#Security_bug_for_files

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25227] New: Hotlinks to files work for users who can't display the [restricted] file description

Reply via email to