[drupal-devel] restricting access to file downloads with flexinode
Gerhard Killesreiter
killesreiter at physik.uni-freiburg.de
Fri Aug 5 17:37:21 UTC 2005
On Fri, 5 Aug 2005 drupal at dave-cohen.com wrote:
> On Tue, 2 Aug 2005 20:18:59 +0200, "Gerhard Killesreiter"
> <killesreiter at physik.uni-freiburg.de> said:
> >
> >
> > On Tue, 2 Aug 2005, David Cohen wrote:
> >
> > > My problem is the uploaded files. By default, anyone can download the
> > > files uploaded via flexinode. I never show an anonymous user the link
> > > to a flash file, but if they type "system/files?file=private-file.swf"
> > > in the URL, they'll be able to download it anyway.
> >
> > IIRC this was fixed a while ago.
>
> I didn't mean to say it's a shortcoming of Drupal core, but rather of
> flexinode, that any file uploaded via flexinode can be downloaded by
> anyone.
That is what I meant:

http://cvs.drupal.org/viewcvs/drupal/contributions/modules/flexinode/flexinode.module?rev=1.50&view=log

See the commits to 1.49, 1.46.2.2, 1.36.2.5

Cheers,
Gerhard