Image Permissions on lightbox2
heshanmw - July 7, 2009 - 20:25
| Project: | Lightbox2 |
| Version: | 5.x-2.9 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
I cannot see any image permission is active in the lightbox2(I'm using image module), when I click on the image it will display the full size image without checking whether the user has the required permission or not, So this is a security issue and please fix it,
Thanks
#1
This has been fixed. However it's not a security issue as users can navigate to the image directly if you're using a public file system. If using a private system then access to this file is controlled by image module's implementation of hook_file_download(). At worst this is a bug which combined with a private file system would cause a broken image to be displayed in a lightbox.
Cheers,
Stella
#2
Automatically closed -- issue fixed for 2 weeks with no activity.