Closed dbu closed 10 years ago
I see you branched off current master to 1.0? I guess we should release that as 1.0.1? https://github.com/symfony-cmf/MediaBundle/compare/1.0.0...1.0
true. i tagged 1.0.1 now.
otherwise any inputs on the PR, good to merge?
where do you handle cmf_media.upload_file_role: false
?
ups, thanks. now we handle it in the controller, missed that bit.
looks good for me now.
The current code skips security checks if no symfony firewall is configured for the upload route. This fix limits this behaviour to when the user explicitly enables anonymous editing. Also, we factor out the security check into a method to be more future proof.
/cc @rmsint