Closed Bug 652979 Opened 13 years ago Closed 13 years ago

Only allow editors to view binary content until addon is approved

Tracking

(Not tracked)

Status:

VERIFIED FIXED

Milestone:

6.1.0

People

(Reporter: andy+bugzilla, Assigned: andy+bugzilla)

References

Details

Andy McKay

Assignee

Description

•

13 years ago

Current permissions for viewing the binary content in a file are: the editor or if the user selected public, anyone. But that means just by uploading a file and having it in the review queue and selecting public, potentially naughty binary content can be served of st.a.m.o.

Only editors should be able to view binary content, even off st.a.m.o until the addon or file is public.

Wil Clouser [:clouserw]

Updated

•

13 years ago

Assignee: nobody → amckay

Priority: -- → P4

Target Milestone: --- → 6.1.0

Andy McKay

Assignee

Comment 1

•

13 years ago

https://github.com/jbalogh/zamboni/commit/1d8f43e5fb07ef227790856e62cd11284f0e2ffd

Status: NEW → RESOLVED

Closed: 13 years ago

Resolution: --- → FIXED

krupa raj[:krupa]

Comment 2

•

13 years ago

For anonymous users, the file viewer link is 403(blank)

Status: RESOLVED → VERIFIED

Nobody; OK to take it and work on it

Updated

•

8 years ago

Product: addons.mozilla.org → addons.mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Only allow editors to view binary content until addon is approved

Categories

(addons.mozilla.org Graveyard :: Developer Pages, defect, P4)

Tracking

(Not tracked)

People

(Reporter: andy+bugzilla, Assigned: andy+bugzilla)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Updated