FriendsOfFlarum Byōbu, well integrated, advanced private discussions

MathieuM

I don't easily remember when it was, but I'd installed this extension a long time ago. Later, you'd published a version where we had to do some SQL modifications. Could it be the problem?

Trc4

hi @FriendsOfFlarum we have some Problems
the plugin works great with a few problematic exceptions

Images from private chat can be seen globally
if someone makes a quote from a post, it will be displayed for everyone.

clarkwinkelmann

Trc4 where are the image seen "globally"?

It is by design that anyone who knows the URL to an image can see it, otherwise it would be very difficult to support some of the storage drivers or would incur a lot of bandwidth cost if everything was always proxied through PHP.

If someone who can see an image decides to share the URL with somebody else, the link will work, and that's how it's supposed to work.

But if someone can't read a discussion, they shouldn't be able to guess the URL to the files posted inside of that discussion. If you found a way to sniff/guess files posted somewhere private please share more details so we can patch it.

I believe that the "file download" template uses some sort of proxy endpoint so it might be able to protect access when a link is shared. But on the other hand it think it cannot display a preview since that would reveal the link. An option to proxy everything would definitely be possible but I don't think it exists in the current version. I'm not sure what the best implementation would be seeing files can be hosted in multiple drivers at the same time and you might not want to proxy all types or size of files.

« Previous Page