widelands-dev team mailing list archive

Thread
Date

Re: [Merge] lp:~widelands-dev/widelands-website/pybb_attachments into lp:widelands-website

To: mp+370342@xxxxxxxxxxxxxxxxxx
From: GunChleoc <fios@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 31 Jul 2019 09:17:39 -0000
In-reply-to: <156348158425.10583.12296168620382235518.launchpad@ackee.canonical.com>
Reply-to: mp+370342@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

> Everyone can rename 'image.js' into 'image.png'...

That's true. It would still be an advantage though if the browser then doesn't execute it.

Doing a full validation too is definitely a better idea.

> What about restricting uploads to users who have written x posts prior? 

Also a good idea
-- 
https://code.launchpad.net/~widelands-dev/widelands-website/pybb_attachments/+merge/370342
Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/pybb_attachments into lp:widelands-website.

References

[Merge] lp:~widelands-dev/widelands-website/pybb_attachments into lp:widelands-website
From: kaputtnik, 2019-07-18