Closed michaelwebfischer closed 3 years ago
samwilson
commented
7 years ago Would there be any security problem with that? I could imagine that a malicious user would be able to prompt massive batch downloads and bog down the server. Perhaps it'd need a decent captcha? Or be limited to small albums or small sizes?
OrionDB
commented
5 years ago I will be interested too in a function to allow guest to bulk download a full album.
To avoid security problem, I think just add a button on the extension configuration menu will do the job, with a warning message when activating it.
For example, in my case, I also used Protected Albums extensions, so my guests needs a password to view the album, this reduce the security risk.
rvdv01
commented
8 months ago Hello @plegall ,
Thanks for making this. I believe however, a bug has run into this.
In functions.inc.php on line 110 (of the current version of Piwigo), it reads:
if (is_a_guest() and !conf_get_param('batch_download_guest_allowed', false)) return false;
So, it checks if the user is a guest and if the setting batch_download_guest_allowed is not false (ie. it is true) and then it returns 'false'. So if you are a guest and guest downloads are not disallowed (ie. they are allowed) you get 'false' resulting in NO download button.
It should be:
if (is_a_guest() and !conf_get_param('batch_download_guest_allowed', false)) return true;
After changing it this way, the download ZIP-button shows fine for guests.
Hi!
Is it possible to make downloads via this plugin available for guests (users, that are not logged in)?
Thanks, Mike