from micz_: http://drupal.org/node/1923336#comment-7096872

How does it work? I can see itoken attached to the end of img links only in view mode in my content body field, but not in edit view-source WYSIWYG mode.

I have uninstalled this module, flushed the cache and image cache, installed corrector again, and I have itoken added twice. I have a local copy of the db, but somebody else could not have it.

Comments

MStrzelecki_’s picture

Status: Closed (fixed) » Active

I have done some research and found:

1. If you have installed the media module and the WYSIWYG module, there is an add media button which generates [[{"type":"media","view_mode":"media_large","fid":"103","attributes":{"height":85,"width":800,"style":"width: 405px; height: 43px;","class":"media-image media-element file-media-large"}}]] markup.

2. You can add images manually or using the insert module, which generates src="http://dummy.localhost/sites/dummy.localhost/files/styles/medium/public/images/content_type/223/imagegallery.jpg" Drupal 7.19 markup.

After updating Drupal to version 7.20, the first method is working already. The second method is not working after updating to Drupal 7.20.

This module is working. But for my install, 'Old Image Link Corrector' should be placed before 'Convert Media tags to markup' in text filter formats. Itoken appears only once everywhere.

It works for me. Tested with flushing all caches (+image flush). We should change the title of this post.

pp, thanks a lot!
P.S. It would be nice to have it in Drupal core or push changes to database tables, so we could safely uninstall this module.

pp’s picture

Status: Active » Needs review

micz_, I resolved this issue; please test the new version of the module. (Use "git pull origin master" in the directory of the module repository.)

MStrzelecki_’s picture

It seems to work for me :) Why is it only a sandbox module?

pp’s picture

Status: Needs review » Fixed

I will try to make a contrib module with it this week.

MStrzelecki_’s picture

+1

David_Rothstein’s picture

Looks pretty solid to me. If you turn it into a real module, leave a comment here and I'll add a link to it from http://drupal.org/drupal-7.20-release-notes.

In some ways, this lessens the anti-DOS protection included in the security release (since anyone who has permission to create content on the site with this text format could use it to automatically derive a bunch of tokens which they could then use in a DOS attack on the site, e.g. they could derive the tokens by repeatedly "previewing" a comment and pasting different URLs in it, or something like that). However, that would require a lot of extra work on their part.

But it's certainly good as a measure of last resort for a site where everything else fails (and better than 'image_allow_insecure_derivatives' in that respect). You might just consider mentioning the security issue on the module description page.
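An added sketch (not the sandbox module's code, and not from any participant in this thread) of a link-correcting filter that appends the token only once and only for image styles the site defines, which narrows but does not remove the token-derivation concern raised above. The secret, the `ALLOWED_STYLES` set, all function names and the `style:uri` HMAC scheme are assumptions made for illustration.

```python
import base64, hashlib, hmac, re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed values: a real site would use its own private key and hash salt.
SECRET = b"constructed-private-key" + b"constructed-hash-salt"
ALLOWED_STYLES = {"medium", "large"}  # styles the site defines (assumed)
STYLE_PATH = re.compile(
    r"/files/styles/(?P<style>[^/]+)/(?P<scheme>[^/]+)/(?P<target>.+)$")
IMG_SRC = re.compile(r'(<img\b[^>]*?\bsrc=")([^"]+)(")', re.I)

def image_token(style, uri):
    """First 8 chars of a URL-safe base64 HMAC-SHA256 over 'style:uri' (assumed scheme)."""
    mac = hmac.new(SECRET, f"{style}:{uri}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")[:8]

def add_itok(url):
    """Return url carrying exactly one valid itok; leave other URLs untouched."""
    parts = urlsplit(url)
    m = STYLE_PATH.search(parts.path)
    if not m or m["style"] not in ALLOWED_STYLES:
        return url  # never mint a token for a style the site does not define
    uri = f"{m['scheme']}://{m['target']}"
    # Drop any existing itok (stale or duplicated) before appending the valid one,
    # so running the filter twice cannot produce two tokens.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "itok"]
    query.append(("itok", image_token(m["style"], uri)))
    return urlunsplit(parts._replace(query=urlencode(query)))

def correct_image_links(html):
    """Rewrite the src of every <img> tag in a rendered text field."""
    return IMG_SRC.sub(lambda m: m[1] + add_itok(m[2]) + m[3], html)

if __name__ == "__main__":
    # Constructed input using the URL shape quoted earlier in the thread.
    sample = ('<img src="http://dummy.localhost/sites/dummy.localhost/files/'
              'styles/medium/public/images/content_type/223/imagegallery.jpg">')
    print(correct_image_links(correct_image_links(sample)))
```
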

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Status: Active » Closed (fixed)