5d15e3f39d
On Webs with file uploads enabled, uploaded files were stored (in version 0.16.1 and earlier) in the public/ directory. This was a security threat. A miscreant could upload a .html file. When a user clicked on the link to the file, it was opened (unsanitized) in the browser. As of version 0.16.2, uploaded files are stored in the webs/ directory. Now, when the user clicks on the link, the file is sent with the Content-Disposition: attachment header set, which causes the file to be downloaded, rather than opened in the browser. As always, files downloaded from the internets should be treated with caution. At least, this way, they are not aoutomatically opened in the browser. To move your existing uploaded files to the new location, do a rake upgrade_instiki |
||
---|---|---|
.. | ||
admin_controller_test.rb | ||
application_test.rb | ||
file_controller_test.rb | ||
routes_test.rb | ||
wiki_controller_test.rb |