View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0009454||mantisbt||preferences||public||2008-07-30 03:27||2008-08-03 03:01|
|Summary||0009454: upload a file with his name or a hash conversion ?|
I change the code in core\file_api.php in line 632 (version 1.1.1) to store the file with its real name, not with a hash.
Is it possible to allow this or not by a parameters in config.inc.php ?
my code :
|Tags||No tags attached.|
Filenames for uploads were hashed to prevent access to specific files if the web server security was compromised.
Ok, I saw the bug 0003540.
For any users of my society, they need to organize the structure of the directorys in clear.
So I think it will be an interesting parameter...
As for me, I have changed file_api.php code to ADD hash to the real file name: so probably (or I'm wrong?) nobody can guess full filename and access is prevented, but on the other side I can find a file by its name.
Great and good ideae. Why not propose the format of the file to store in config.inc.php ?
|2008-07-30 03:27||nico95||New Issue|
|2008-07-30 22:59||thraxisp||Note Added: 0018948|
|2008-07-30 22:59||thraxisp||Relationship added||related to 0003540|
|2008-07-31 03:22||nico95||Note Added: 0018949|
|2008-07-31 09:52||VYu||Note Added: 0018957|
|2008-08-03 03:01||nico95||Note Added: 0019012|