[Gforge-devel] RE: Porn on GForge.org
Tim Perdue
tim at gforgegroup.com
Wed Mar 14 18:53:07 EDT 2007
Robert Nelson wrote:
> I have fixes for all of these. The changes I made were primarily to add
> attachment to Content-disposition. This ensures that the user is prompted
> whether to download or open the file. This reduces the chances of malicious
> attachments being processed on users' machines without their interaction.
>
> I changed Forum and Tracker attachment downloads so the user must be logged
> in. I didn't require the user to be logged in to download FRS or DocMan
> files since these must be either uploaded or approved by an admin or project
> member. I felt that requiring a logged-in user would interfere with
> automated downloads and installations.
>
> I also enhanced the snippets so that the suggested filename is snippet_$id
> with the language-specific extension appended, for example snippet_1.c.
>
> Should I commit all these changes to the 4.6 branch?
That'd be great, thanks.
--
Tim Perdue,
http://gforgegroup.com
PH 515-554-9520
FAX 504-910-3655
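
The download handling described in the quoted message, sketched as an added example; this is not GForge code and not from either poster. The function names, area keys, extension map and status codes are assumptions, and the filename sanitizing is an addition that keeps an uploaded name from altering the header.

```php
<?php
// Added example, not GForge code. Every name below is hypothetical.

// Forum and tracker attachments need a logged-in user; FRS and DocMan files
// are uploaded or approved by an admin or project member, so they stay open
// to anonymous (for example automated) downloads.
const LOGIN_REQUIRED = ['forum' => true, 'tracker' => true, 'frs' => false, 'docman' => false];

// Constructed language-to-extension map for snippet downloads.
const SNIPPET_EXT = ['C' => 'c', 'PHP' => 'php', 'Perl' => 'pl', 'Python' => 'py'];

function snippet_filename(int $id, string $language): string
{
    // Unknown languages fall back to .txt (assumption).
    return 'snippet_' . $id . '.' . (SNIPPET_EXT[$language] ?? 'txt');
}

function safe_filename(string $name): string
{
    // Strip any directory part, then allow only a conservative character set so
    // CR/LF or quotes in an uploaded name cannot alter the response header.
    $name = basename(str_replace('\\', '/', $name));
    $name = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '_', $name), '.');
    return $name === '' ? 'download' : $name;
}

// Returns [HTTP status, header lines] for a download request.
function download_response(string $area, string $filename, bool $loggedIn): array
{
    if (!array_key_exists($area, LOGIN_REQUIRED)) {
        return [404, []];
    }
    if (LOGIN_REQUIRED[$area] && !$loggedIn) {
        return [403, []];
    }
    return [200, ['Content-Disposition: attachment; filename="' . safe_filename($filename) . '"']];
}

// Constructed requests: [area, stored filename, logged in?]
$requests = [
    ['forum', 'notes.html', false],
    ['tracker', "patch\r\nX-Injected: 1.html", true],
    ['frs', 'release.tar.gz', false],
];
foreach ($requests as [$area, $file, $loggedIn]) {
    [$status, $headers] = download_response($area, $file, $loggedIn);
    echo $area, ' ', $status, ' ', implode(' | ', $headers), PHP_EOL;
}
echo snippet_filename(1, 'C'), PHP_EOL;
```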