govCMS / audit-site

govCMS site audit and remediation tool. Used to verify that all sites built in, and for, GovCMS SaaS meet the minimum requirements.

New check: Linkit shouldn't be configured to output 'Direct file link' #19

Open rooby opened 6 years ago

rooby commented 6 years ago

Due to the dynamic nature of the files directory it is not a good idea to link directly to files with /sites/default/files/etc paths.

If you configure Linkit for file entities so that URL type is 'URL type' or 'Download file link' then you are going to end up with those direct file paths in your content, which may later break.

It would be good to raise a notice about this setting if it is configured in a potentially risky way.

govcms-linkit_file_settings

tobybellwood commented 6 years ago

Thanks @rooby - we've just discussed this and a first step would be for us to capture and report any site using direct/download file links that aren't "their own".
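The reporting step discussed in this thread could look like the following. This is an added example, not part of the thread and not audit-site code. It scans a rendered HTML field for links under `/sites/default/files/` and marks whether each one points at the site's own host. The function names, the sample markup, the `example.gov.au` hostnames, and the reading of "their own" as "same host or relative link" are all assumptions.

```python
# Added example: flag direct file links in rendered content (not audit-site code).
from html.parser import HTMLParser
from urllib.parse import urlsplit

FILES_PREFIX = "/sites/default/files/"  # path named in the issue


class _LinkCollector(HTMLParser):
    """Collect href/src attribute values from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def find_direct_file_links(html, site_host):
    """Return (url, is_own) for every link whose path is under FILES_PREFIX.

    is_own is True for relative links and for links whose host equals
    site_host (an assumed reading of "their own" in the thread).
    """
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parts = urlsplit(url)
        if not parts.path.startswith(FILES_PREFIX):
            continue  # e.g. a managed download path, not a direct file path
        host = (parts.hostname or "").lower()
        findings.append((url, host in ("", site_host.lower())))
    return findings


# Constructed sample body field, not taken from a real site.
SAMPLE_BODY = """
<p><a href="/sites/default/files/report.pdf">Report</a>
<a href="https://other.example.gov.au/sites/default/files/form.docx">Form</a>
<a href="/file/12/download">Managed download</a>
<img src="//www.example.gov.au/sites/default/files/logo.png"></p>
"""

if __name__ == "__main__":
    for url, is_own in find_direct_file_links(SAMPLE_BODY, "www.example.gov.au"):
        print("own    " if is_own else "foreign", url)
```

Links reported as foreign are the ones that depend on another site's files directory staying in place, which the audited site cannot control.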