https://bugzilla.wikimedia.org/show_bug.cgi?id=56178
--- Comment #9 from dan <[email protected]> --- • js-error-output: https://gerrit.wikimedia.org/r/#/c/98686/ • mime-type: https://gerrit.wikimedia.org/r/#/c/98725/ • table-create: https://gerrit.wikimedia.org/r/#/c/98735/ • sanitizer-escape-id: https://gerrit.wikimedia.org/r/#/c/98742/ • derivative-request: https://gerrit.wikimedia.org/r/#/c/98807/ • augmentAllowedExtensions: https://gerrit.wikimedia.org/r/#/c/98812/ • PreviewForm: https://gerrit.wikimedia.org/r/#/c/98825/ • FOR_PUBLIC: https://gerrit.wikimedia.org/r/#/c/98835/ • original-post: https://gerrit.wikimedia.org/r/#/c/98846/ MetadataMappingHandler.php -------------------------- no access control on who can access files in the backend. as far as i can tell there is no way to restrict MediaWiki User access similar to the way UploadStash does. the only “security” i’ve seen is via the FileBackend->prepare() and FileBackend->secure() methods. the code is already implementing the prepare() method. 1. is there a way to secure the files per User? 2. is that necessary? 3. if there’s no way to do it yet and it’s necessary, how do we move forward? -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
