![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dreamwidth/dw-free] 658174: [#1940] don't allow offsite loading of images
Branch: refs/heads/develop
Home: https://github.com/dreamwidth/dw-free
Commit: 658174ec36417d60e6932914460de80a597ee66f
https://github.com/dreamwidth/dw-free/commit/658174ec36417d60e6932914460de80a597ee66f
Author: Kareila <kareila@dreamwidth.org>
Date: 2017-02-07 (Tue, 07 Feb 2017)
Changed paths:
M cgi-bin/DW/Controller/Media.pm
Log Message:
-----------
[#1940] don't allow offsite loading of images
Check the page referer and only load if it's a page on
our site or a bare image URL.
Commit: 01f2dc69143ea6b2b96212cee077ac42220f56ba
https://github.com/dreamwidth/dw-free/commit/01f2dc69143ea6b2b96212cee077ac42220f56ba
Author: Kareila <kareila@dreamwidth.org>
Date: 2017-02-07 (Tue, 07 Feb 2017)
Changed paths:
M cgi-bin/DW/Controller/API/Media.pm
M cgi-bin/DW/EmailPost/Entry.pm
M cgi-bin/DW/Media.pm
M etc/config.pl
Log Message:
-----------
[#1940] image upload quotas
New usercap 'media_file_quota' which is 500 (MB) by default.
New methods for checking usage and quota in DW::Media.
New user method, can_upload_media, which is false if you've
gone over quota, true otherwise.
Added can_upload_media checks to the two places in the code
where upload_media is called.
Fixes #1940.
Commit: 5ef9d6b808677812834d7fb93228f6470aa4780d
https://github.com/dreamwidth/dw-free/commit/5ef9d6b808677812834d7fb93228f6470aa4780d
Author: Mark Smith <mark@qq.is>
Date: 2017-02-07 (Tue, 07 Feb 2017)
Changed paths:
M cgi-bin/DW/Controller/API/Media.pm
M cgi-bin/DW/Controller/Media.pm
M cgi-bin/DW/EmailPost/Entry.pm
M cgi-bin/DW/Media.pm
M etc/config.pl
Log Message:
-----------
Merge pull request #1960 from kareila/1940-media-limit
enforce limits for media (photo) usage
Compare: https://github.com/dreamwidth/dw-free/compare/c95821c146fd...5ef9d6b80867
Home: https://github.com/dreamwidth/dw-free
Commit: 658174ec36417d60e6932914460de80a597ee66f
https://github.com/dreamwidth/dw-free/commit/658174ec36417d60e6932914460de80a597ee66f
Author: Kareila <kareila@dreamwidth.org>
Date: 2017-02-07 (Tue, 07 Feb 2017)
Changed paths:
M cgi-bin/DW/Controller/Media.pm
Log Message:
-----------
[#1940] don't allow offsite loading of images
Check the page referer and only load if it's a page on
our site or a bare image URL.
Commit: 01f2dc69143ea6b2b96212cee077ac42220f56ba
https://github.com/dreamwidth/dw-free/commit/01f2dc69143ea6b2b96212cee077ac42220f56ba
Author: Kareila <kareila@dreamwidth.org>
Date: 2017-02-07 (Tue, 07 Feb 2017)
Changed paths:
M cgi-bin/DW/Controller/API/Media.pm
M cgi-bin/DW/EmailPost/Entry.pm
M cgi-bin/DW/Media.pm
M etc/config.pl
Log Message:
-----------
[#1940] image upload quotas
New usercap 'media_file_quota' which is 500 (MB) by default.
New methods for checking usage and quota in DW::Media.
New user method, can_upload_media, which is false if you've
gone over quota, true otherwise.
Added can_upload_media checks to the two places in the code
where upload_media is called.
Fixes #1940.
Commit: 5ef9d6b808677812834d7fb93228f6470aa4780d
https://github.com/dreamwidth/dw-free/commit/5ef9d6b808677812834d7fb93228f6470aa4780d
Author: Mark Smith <mark@qq.is>
Date: 2017-02-07 (Tue, 07 Feb 2017)
Changed paths:
M cgi-bin/DW/Controller/API/Media.pm
M cgi-bin/DW/Controller/Media.pm
M cgi-bin/DW/EmailPost/Entry.pm
M cgi-bin/DW/Media.pm
M etc/config.pl
Log Message:
-----------
Merge pull request #1960 from kareila/1940-media-limit
enforce limits for media (photo) usage
Compare: https://github.com/dreamwidth/dw-free/compare/c95821c146fd...5ef9d6b80867