https://bugzilla.wikimedia.org/show_bug.cgi?id=17572
Summary: Files downloadable w/o auth
Product: MediaWiki
Version: 1.14.0rc1
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: Normal
Component: Images
AssignedTo: wikibugs-l@lists.wikimedia.org
ReportedBy: paul.marc...@verizon.net
I have mediawiki setup with SecurID authentication. Everything appeared to
work fine until the other day when someone sent the file location on the server
instead of the URL of the page the file could be downloaded from. No
authentication was needed and the file could be downloaded.
To try to make it clearer. Normally to download a file from the wiki I would
send the following - a link to the page the file was on:
https://myserver.com/info/Prototype_Monthly_Vuln
And say to download the appropriate file from the page. No problem.
Authetication was needed.
If instead I send a link to the file:
https://myserver.com/myserver/images/5/5a/filetodownload.fs.2009-01-22.csv
A person just has to click on the link and the file will download, no
authentication needed.
Any help you can give would be greatly appreciated.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
