    Add a token to the filename for exported user data · 0a70e51f
    Jonne Haß authored
    Also redirect to it for download, for Amazon S3
    compatibility.
    
    Prior to this patch an attacker could obtain a
    user's export by guessing the filename with a high
    chance of success. Fully authenticating the
    download request is a lot harder due to our diverse
    deployment scenarios.
    
    This brings the used method in line with the photo
    export feature.
    
    Thanks to @TomekR for the report.
Name
exported_photos.rb
exported_user.rb
processed_image.rb
secure_uploader.rb
unprocessed_image.rb