Closed
Bug 652979
Opened 13 years ago
Closed 13 years ago
Only allow editors to view binary content until addon is approved
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect, P4)
Tracking
(Not tracked)
VERIFIED
FIXED
6.1.0
People
(Reporter: andy+bugzilla, Assigned: andy+bugzilla)
References
Details
Current permissions for viewing the binary content in a file are: the editor or if the user selected public, anyone. But that means just by uploading a file and having it in the review queue and selecting public, potentially naughty binary content can be served of st.a.m.o. Only editors should be able to view binary content, even off st.a.m.o until the addon or file is public.
Updated•13 years ago
|
Assignee: nobody → amckay
Priority: -- → P4
Target Milestone: --- → 6.1.0
Assignee | ||
Comment 1•13 years ago
|
||
https://github.com/jbalogh/zamboni/commit/1d8f43e5fb07ef227790856e62cd11284f0e2ffd
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 2•13 years ago
|
||
For anonymous users, the file viewer link is 403(blank)
Status: RESOLVED → VERIFIED
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•