SECURITY: provide option to disable the cloud 'root' directory and make the cloud module require a target channel nickname. This is a low impact change as there is currently no disclosure of private information. The presence of a file browser for all the channels on the site could be (and is reported to be) a concern to some people and there is no reason why it shouldn't be optional.

zotlabs
2018-06-13 20:27:10 -07:00
parent 65cbc7c2bb
commit b5e4a5f51c
3 changed files with 15 additions and 0 deletions


@@ -35,11 +35,20 @@ class Cloud extends \Zotlabs\Web\Controller {
if (argc() > 1)
$which = argv(1);
if (argc() < 2 && intval(get_config('system','cloud_disable_siteroot'))) {
notice( t('Permission denied.') . EOL);
construct_page();
killme();
}
$profile = 0;
if ($which)
profile_load( $which, $profile);
$auth = new \Zotlabs\Storage\BasicAuth();
$ob_hash = get_observer_hash();