Closed
Bug 652979
Opened 14 years ago
Closed 14 years ago
Only allow editors to view binary content until addon is approved
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect, P4)
Tracking
(Not tracked)
VERIFIED
FIXED
6.1.0
People
(Reporter: andy+bugzilla, Assigned: andy+bugzilla)
References
Details
Current permissions for viewing the binary content in a file are: the editor or if the user selected public, anyone. But that means just by uploading a file and having it in the review queue and selecting public, potentially naughty binary content can be served of st.a.m.o.
Only editors should be able to view binary content, even off st.a.m.o until the addon or file is public.
Updated•14 years ago
|
Assignee: nobody → amckay
Priority: -- → P4
Target Milestone: --- → 6.1.0
Assignee | ||
Comment 1•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 2•14 years ago
|
||
For anonymous users, the file viewer link is 403(blank)
Status: RESOLVED → VERIFIED
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•