github wrote in changelog, 2017-02-07 05:43 pm

[dreamwidth/dw-free] 658174: [#1940] don't allow offsite loading of images

Branch: refs/heads/develop
Home: https://github.com/dreamwidth/dw-free
Commit: 658174ec36417d60e6932914460de80a597ee66f
https://github.com/dreamwidth/dw-free/commit/658174ec36417d60e6932914460de80a597ee66f
Author: Kareila <kareila@dreamwidth.org>
Date: 2017-02-07 (Tue, 07 Feb 2017)

Changed paths:
M cgi-bin/DW/Controller/Media.pm

Log Message:
-----------
[#1940] don't allow offsite loading of images

Check the page referer and only load if it's a page on
our site or a bare image URL.


Commit: 01f2dc69143ea6b2b96212cee077ac42220f56ba
https://github.com/dreamwidth/dw-free/commit/01f2dc69143ea6b2b96212cee077ac42220f56ba
Author: Kareila <kareila@dreamwidth.org>
Date: 2017-02-07 (Tue, 07 Feb 2017)

Changed paths:
M cgi-bin/DW/Controller/API/Media.pm
M cgi-bin/DW/EmailPost/Entry.pm
M cgi-bin/DW/Media.pm
M etc/config.pl

Log Message:
-----------
[#1940] image upload quotas

New usercap 'media_file_quota' which is 500 (MB) by default.

New methods for checking usage and quota in DW::Media.

New user method, can_upload_media, which is false if you've
gone over quota, true otherwise.

Added can_upload_media checks to the two places in the code
where upload_media is called.

Fixes #1940.


Commit: 5ef9d6b808677812834d7fb93228f6470aa4780d
https://github.com/dreamwidth/dw-free/commit/5ef9d6b808677812834d7fb93228f6470aa4780d
Author: Mark Smith <mark@qq.is>
Date: 2017-02-07 (Tue, 07 Feb 2017)

Changed paths:
M cgi-bin/DW/Controller/API/Media.pm
M cgi-bin/DW/Controller/Media.pm
M cgi-bin/DW/EmailPost/Entry.pm
M cgi-bin/DW/Media.pm
M etc/config.pl

Log Message:
-----------
Merge pull request #1960 from kareila/1940-media-limit

enforce limits for media (photo) usage


Compare: https://github.com/dreamwidth/dw-free/compare/c95821c146fd...5ef9d6b80867