[development] re: imagefield / imagecache
Darrel O'Pry
dopry at thing.net
Fri Jul 7 14:14:37 UTC 2006
On Fri, 2006-07-07 at 10:04 -0400, Moshe Weitzman wrote:
> > *note: recent security fixes seem to have broken the preview feature in
> > 'imagefield' when using clean urls. To enable previews, in the .htaccess
> > in your files directory, comment out RewriteEngine Off, and add
> > +FollowSymlinks to the Options line.
>
> if possible, please elaborate on the security implications of this.
I'm not sure of the security implications. I can't see how turning off
rewrite rules for that folder, or setting options to None has any impact
on the file/mime mapping problems that were occurring. I think with the
handler alone you're still covered, and the rewrite and Options line
were added salt for good measure.
Someone on the sec team correct me if I am wrong.