do not allow to upload files if no firewall is configured

symfony-cmf / media-bundle

UNMAINTAINED - Minimalistic interfaces to handle media in the context of the CMF

http://cmf.symfony.com/

30 stars 40 forks source link

do not allow to upload files if no firewall is configured #85

Closed dbu closed 10 years ago

dbu commented 10 years ago

Q	A
Bug fix?	yes
New feature?	yes
BC breaks?	only edge cases
Deprecations?	no
Tests pass?	see travis
Fixed tickets	-
License	MIT
Doc PR	TODO

The current code skips security checks if no symfony firewall is configured for the upload route. This fix limits this behaviour to when the user explicitly enables anonymous editing. Also, we factor out the security check into a method to be more future proof.

/cc @rmsint

lsmith77 commented 10 years ago

I see you branched off current master to 1.0? I guess we should release that as 1.0.1? https://github.com/symfony-cmf/MediaBundle/compare/1.0.0...1.0

dbu commented 10 years ago

true. i tagged 1.0.1 now.

dbu commented 10 years ago

otherwise any inputs on the PR, good to merge?

lsmith77 commented 10 years ago

where do you handle cmf_media.upload_file_role: false ?

dbu commented 10 years ago

ups, thanks. now we handle it in the controller, missed that bit.

lsmith77 commented 10 years ago

looks good for me now.