Image proxy can be abused too easily

Steps to reproduce

1. Configure a proxy secret
2. Start a new post
3. Insert an external image
4. Click preview
5. Copy the generated image URL

Result
The generated proxy.php URL can now be used externally forever until the secret is changed without the image ever being displayed anywhere publically in XenForo

Suggested Mitigation
Make the hashes automatically expire after a configurable expire time

Читать далее...