On Fri, 5 Aug 2005 drupal@dave-cohen.com wrote:
On Tue, 2 Aug 2005 20:18:59 +0200, "Gerhard Killesreiter" <killesreiter@physik.uni-freiburg.de> said:
On Tue, 2 Aug 2005, David Cohen wrote:
My problem is the uploaded files. By default, anyone can download the files uploaded via flexinode. I never show an anonymous user the link to a flash file, but if they type "system/files?file=private-file.swf" in the URL, they'll be able to download it anyway.
IIRC this was fixed a while ago.
I didn't mean to say its a shortcoming of Drupal core, but rather of flexinode, that any file uploaded via flexinode can be downloaded by anyone.
That is what I meant: http://cvs.drupal.org/viewcvs/drupal/contributions/modules/flexinode/flexino... See the commits to 1.49, 1.46.2.2, 1.36.2.5 Cheers, Gerhard