Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document Repository and Data Release should not store uploaded files in the codebase #5062

Closed
johnsaigle opened this issue Aug 21, 2019 · 1 comment · Fixed by #5815
Closed

Document Repository and Data Release should not store uploaded files in the codebase #5062

johnsaigle opened this issue Aug 21, 2019 · 1 comment · Fixed by #5815
Labels
Category: Security PR or issue that aims to improve security Cleanup PR or issue introducing/requiring at least one clean-up operation Proposal PR or issue suggesting an improvement that can be accepted, rejected or altered

Comments

@johnsaigle
Copy link
Contributor

Right now both modules create a custom user_uploads/ directory within the source code for user uploads. I don't think there is a good reason for this (but correct me if you know why this was done).

Other modules have a config setting like $module_upload_path which is customizable. This is preferable to having a hard-coded path, especially one that mixes user data with source code.
@johnsaigle johnsaigle added the Cleanup PR or issue introducing/requiring at least one clean-up operation label Aug 21, 2019
@johnsaigle johnsaigle added Category: Security PR or issue that aims to improve security Proposal PR or issue suggesting an improvement that can be accepted, rejected or altered labels Sep 11, 2019
@johnsaigle
Copy link
Contributor Author

#5234 adds a new upload path for Document Repository.

@johnsaigle johnsaigle mentioned this issue Sep 24, 2019
Closed
@ridz1208 ridz1208 mentioned this issue Dec 2, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Category: Security PR or issue that aims to improve security Cleanup PR or issue introducing/requiring at least one clean-up operation Proposal PR or issue suggesting an improvement that can be accepted, rejected or altered
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[data_release/document_repository] Make upload directory configurable ridz1208/Loris
1 participant
@johnsaigle