[development] re: imagefield / imagecache

Darrel O'Pry dopry at thing.net
Fri Jul 7 14:14:37 UTC 2006

On Fri, 2006-07-07 at 10:04 -0400, Moshe Weitzman wrote:
> > *note: recent security fixes seems to have broken the preview feature in
> > 'imagefield' when using clean urls. To enable previews, in the .htaccess
> > in your files directory, comment out RewriteEngine Off, and add
> > +FollowSymlinks to the Options line. 
> if possible, please elaborate on the security implications of this.

I'm not sure of the security implications. I can't see how turning off
rewrite rules for that folder, or setting options to None has any impact
on the file/mime mapping problems that were occurring.  I think with the
handler alone you're still covered, and the rewrite and Options line
were added salt for good measure.

Someone on the sec team correct me if I am wrong.

More information about the development mailing list