HGustavs / LenaSYS

Code Viewer and Course Organization System used in some courses at University of Skövde
57 stars 31 forks source link

Finalize fix for bug in Preview Iframe #1873

Open HGustavs opened 8 years ago

HGustavs commented 8 years ago

Currently preview iframes mostly work due to a recent fix of the program code. However. We need to rework the fix sligthly.

This is what happens. If we link to an existing document e.g. test.png

The correct link something that looks like "courses/courseid/versod/test.png".

This works in the current install, but it is considered a bug, since the contents of that folder currently is not properly protected. The formally correct way to do this is to go via showdoc and to use apache to write protect direct downloads from the courses folder.

This is the way that it is supposed to work, no direct acces to files by typing in the address bar, but rather through showdoc.

So: the link in the preview iframe should be rewritten to something like yadyada/showdoc.php?test.png

a97marbr commented 8 years ago

Ouch! Do we have more of this type of bug? I elevate this to fix now!