[Gforge-devel] RE: Porn on GForge.org

Robert Nelson robertn at the-nelsons.org
Sun Mar 11 05:40:30 EDT 2007 

I just committed a fix to download.php that adds the requirement that the
user be logged in to download files.  I also changed the disposition from
the filename to "attachment".  This causes the browser to always ask whether
to open or save the file.

My suggestion to change the Content-Type header didn't help for all the
browsers in all situations.

I committed this change to both the trunk and the 4.6 branch.

It should probably also go into the 4.5 branch.

> -----Original Message-----
> From: gforge-devel-bounces at lists.gforge.org [mailto:gforge-devel-
> bounces at lists.gforge.org] On Behalf Of Robert Nelson
> Sent: Saturday, March 10, 2007 10:27 AM
> To: gforge-devel at lists.gforge.org
> Subject: RE: [Gforge-devel] RE: Porn on GForge.org
> 
> I think the following should be done:
> 
> 	Require login to download
> 
> 	Map text/* to text/plain
> 	Map everything else to application/octet-stream
> 
> 	Add an option to handle new user registrations like new projects and
> require approval from an admin.
> 
> > -----Original Message-----
> > From: gforge-devel-bounces at lists.gforge.org [mailto:gforge-devel-
> > bounces at lists.gforge.org] On Behalf Of Tim Perdue
> > Sent: Saturday, March 10, 2007 5:04 AM
> > To: gforge-devel at lists.gforge.org
> > Subject: Re: [Gforge-devel] RE: Porn on GForge.org
> >
> > Robert Nelson wrote:
> > > Actually you probably want to add distinct to the query so it becomes:
> > >
> > >
> > >
> > > select distinct "http://gforge.org/tracker/index.php?func=detail&aid="
> > > || artifact.artifact_id || "&group_id=" ||  group_id || "&atid=" ||
> > > agl.group_artifact_id from ((artifact_file inner join artifact on
> > > artifact_file.artifact_id = artifact.artifact_id) inner join
> > > artifact_group_list AS agl on agl.group_artifact_id =
> > > artifact.group_artifact_id) where filetype = "text/html"
> >
> > We probably just need to require a login in order to download anything.
> > That would solve the problem of using it as a public file host.
> >
> > --
> > Tim Perdue,
> > http://gforgegroup.com
> >
> > PH 515-554-9520
> > FAX 504-910-3655
> > _______________________________________________
> > Gforge-devel mailing list
> > Gforge-devel at lists.gforge.org
> > http://lists.gforge.org/mailman/listinfo/gforge-devel
> 
> 
> 
> _______________________________________________
> Gforge-devel mailing list
> Gforge-devel at lists.gforge.org
> http://lists.gforge.org/mailman/listinfo/gforge-devel

More information about the Gforge-devel mailing list