stephenmcd
commented
6 years ago I haven't confirmed it, but I think this would allow admin users to traverse parent directories which could turn into a security issue.
Closed shiplet closed 1 month ago
stephenmcd
commented
6 years ago I haven't confirmed it, but I think this would allow admin users to traverse parent directories which could turn into a security issue.
shiplet
commented
6 years ago Good point. So far being able to overwrite the FILEBROWSER_FOLDER_REGEX in settings.py is sufficient for us, maybe it'd be worth adding a note to the Media Library docs?
Ran into an issue where renaming Media Library files failed on file paths with dotted directory names: e.g.
/var/www/sites/sitename.com/....Propose including
\.in the defaultFOLDER_REGEXto account for this fairly common naming schema out of the box.