Posted by heshan.lk on July 7, 2009 at 8:25pm
Jump to:
| Project: | Lightbox2 |
| Version: | 5.x-2.9 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
I cannot see any image permission is active in the lightbox2(I'm using image module), when I click on the image it will display the full size image without checking whether the user has the required permission or not, So this is a security issue and please fix it,
Thanks
Comments
#1
This has been fixed. However it's not a security issue as users can navigate to the image directly if you're using a public file system. If using a private system then access to this file is controlled by image module's implementation of hook_file_download(). At worst this is a bug which combined with a private file system would cause a broken image to be displayed in a lightbox.
Cheers,
Stella
#2
Automatically closed -- issue fixed for 2 weeks with no activity.