[Bug 34231] New: Make thumb.php reject/redirect for urls with bogus paths but valid file & thumb names

bugzilla-daemon Mon, 06 Feb 2012 11:36:44 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=34231


       Web browser: ---
             Bug #: 34231
           Summary: Make thumb.php reject/redirect for urls with bogus
                    paths but valid file & thumb names
           Product: MediaWiki
           Version: 1.19-svn
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: Images and files
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected], [email protected]
    Classification: Unclassified


>From IRC:
[11:28]    AaronSchulz    domas:
https://upload.wikimedia.org/wikipedia/commons/thumb/x/xx/Little_kitten_.jpg/799px-Little_kittenajsdhfa_.jpg
[11:28]    AaronSchulz    hehe, file deletion won't purge that I bet
[11:28]    AaronSchulz    it sends the purge URLs based on the actual relative
path, not that fake one I posted with fake hash dirs
[11:29]    AaronSchulz    one could upload pr0n and hotlink to thumbs for days
without them going away even if the source file was deleted

thumb.php should redirect or give an error in such cases.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 34231] New: Make thumb.php reject/redirect for urls with bogus paths but valid file & thumb names

Reply via email to