Also redirect to it for download, for Amazon S3 compatibility. Prior to this patch an attacker could obtain a user's export by guessing the filename with a high chance of success. Fully authenticating the download request is a lot harder due to our diverse deployment scenarios. This brings the used method in line with the photo export feature. Thanks to @tomekr for the report. |
||
|---|---|---|
| exported_photos.rb | ||
| exported_user.rb | ||
| processed_image.rb | ||
| secure_uploader.rb | ||
| unprocessed_image.rb | ||