extern/django-helpdesk
1
0
Fork 1
mirror of https://github.com/django-helpdesk/django-helpdesk.git synced 2025-04-27 22:28:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #649 from auto-mat/attachments

Browse Source 
Include ticket secret in path to new attachments in order to reduce URL guessability.
This commit is contained in:
Garret Wassermann 2018-10-06 16:33:34 -04:00 committed by GitHub
commit 8c2009a871
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helpdesk/models.py
View File

@ -781,7 +781,7 @@ def attachment_path(instance, filename):
""" """
import os import os
os.umask(0) os.umask(0)
path = 'helpdesk/attachments/%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.id) path = 'helpdesk/attachments/%s-%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.ticket.secret_key, instance.followup.id)
att_path = os.path.join(settings.MEDIA_ROOT, path) att_path = os.path.join(settings.MEDIA_ROOT, path)
if settings.DEFAULT_FILE_STORAGE == "django.core.files.storage.FileSystemStorage": if settings.DEFAULT_FILE_STORAGE == "django.core.files.storage.FileSystemStorage":
if not os.path.exists(att_path): if not os.path.exists(att_path):