Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Access to full-sized images using the path from "view source"  (Read 5228 times)

0 Members and 1 Guest are viewing this topic.

oleredeye

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Access to full-sized images using the path from "view source"
« on: November 29, 2010, 12:57:37 pm »

My sandpit gallery is http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/ running Coppermine 1.5.8 on a Windows server.

I have configured it so that public users can see a normal, watermarked image overlayed with a transparent gif.

Everybody can View Source so that the path to the image is apparent - for example, the html shows background="albums/userpics/10001/normal_Church_Street_1910.jpg"

So if I enter the URL http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/albums/userpics/10001/normal_Church_Street_1910.jpg  I see the normal, watermarked image without the transparent gif.

But if I edit out normal_ to give http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/albums/userpics/10001/Church_Street_1910.jpg  I see the full-sized, non-watermarked image which I am trying to protect and stop people stealing….

I want to keep the full-sized, non-watermarked images on the server for privileged users and the administrator.  Is there a workaround to this, please?

Feel free to delete this from the forum if you feel it exposes a security issue you would prefer not to make public....
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Access to full-sized images using the path from "view source"
« Reply #1 on: November 29, 2010, 04:39:18 pm »

That's no security issue and has been discussed lately.

Moving to permissions board.
Logged

oleredeye

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Access to full-sized images using the path from "view source"
« Reply #2 on: November 30, 2010, 11:59:49 am »

Fine.  Now sorted with a .htaccess file in the appropriate place...

AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.site.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://site.com.* [NC]

RewriteRule /* http://www.site.com/angryman.gif [R,L]

Thanks for pointing me in the right direction, André ...
Logged
Pages: [1]   Go Up
 

Page created in 0.037 seconds with 19 queries.