Last modified: 2011-04-30 01:16:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T19572, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 17572 - Files downloadable w/o auth
Status: RESOLVED INVALID
Product: MediaWiki
Classification: Unclassified
Component: File management
Version: 1.14.x
Hardware: PC Linux
Importance: Normal major
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Depends on:
Blocks:

Reported: 2009-02-19 17:21 UTC by Paul Marcus
Modified: 2011-04-30 01:16 UTC (History)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Paul Marcus 2009-02-19 17:21:35 UTC
I have MediaWiki set up with SecurID authentication.  Everything appeared to work fine until the other day, when someone sent the file location on the server instead of the URL of the page the file could be downloaded from.  No authentication was needed and the file could be downloaded.

To try to make it clearer.  Normally to download a file from the wiki I would send the following - a link to the page the file was on:

https://myserver.com/info/Prototype_Monthly_Vuln

And say to download the appropriate file from the page.  No problem.  Authentication was needed.

If instead I send a link to the file:


https://myserver.com/myserver/images/5/5a/filetodownload.fs.2009-01-22.csv

A person just has to click on the link and the file will download, no authentication needed.

Any help you can give would be greatly appreciated.
Comment 1 Alexandre Emsenhuber [IAlex] 2009-02-19 20:42:16 UTC
There's already a help page for that: http://www.mediawiki.org/wiki/Manual:Image_Authorization
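
The behaviour reported above comes from the web server serving the upload directory directly, so MediaWiki's login check never runs for file URLs. The following LocalSettings.php fragment is an added illustration of the image-authorization setup, not part of the bug report or of either comment; the upload location `/srv/wiki-uploads` is an assumed placeholder.

```php
<?php
// LocalSettings.php fragment (added illustration, not from the bug report).
// Assumes $wgScriptPath is already defined earlier in LocalSettings.php.

// Before: default layout. Uploads are served straight from the web root by
// the web server, so direct file URLs under .../images/ are never checked
// against the wiki's login state.
// $wgUploadPath = "$wgScriptPath/images";

// After, step 1: make the wiki private so anonymous users cannot read pages.
// img_auth.php only makes sense on a wiki where '*' has no read right.
$wgGroupPermissions['*']['read'] = false;

// After, step 2: route every file URL through img_auth.php, which checks the
// requesting user's read permission before streaming the file.
$wgUploadPath = "$wgScriptPath/img_auth.php";

// After, step 3: keep the files where the web server will not serve them
// directly. "/srv/wiki-uploads" is an assumed location outside the
// document root; use whatever path fits the installation.
$wgUploadDirectory = "/srv/wiki-uploads";

// If the directory has to stay under the document root, deny direct requests
// to it in the web server configuration instead. Otherwise the old
// .../images/... URLs keep working and bypass img_auth.php entirely.
```

After the change, requesting an old direct file URL without a session should no longer return the file; that is the check to run before treating the setup as done.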
