7 Jul 2006, 4:14 p.m.
On Fri, 2006-07-07 at 10:04 -0400, Moshe Weitzman wrote:
*note: recent security fixes seem to have broken the preview feature in 'imagefield' when using clean URLs. To enable previews, in the .htaccess in your files directory, comment out RewriteEngine Off, and add +FollowSymlinks to the Options line.
If possible, please elaborate on the security implications of this.
I'm not sure of the security implications. I can't see how turning off rewrite rules for that folder, or setting options to None has any impact on the file/mime mapping problems that were occurring. I think with the handler alone you're still covered, and the rewrite and Options line were added salt for good measure. Someone on the sec team correct me if I am wrong.