Image proxy can be abused too easily

Steps to reproduce
  1. Configure a proxy secret
  2. Start a new post
  3. Insert an external image
  4. Click preview
  5. Copy the generated image URL
Result
The generated proxy.php URL can now be used externally forever until the secret is changed without the image ever being displayed anywhere publically in XenForo

Suggested Mitigation
Make the hashes automatically expire after a configurable expire time

Читать далее...
 
Активность
Пока что здесь никого нет
Назад
Верх Низ