Include ticket secret in path to new attachments in order to reduce URL guessability.
parent
7bad004780
commit
caaa0e5158
@ -781,7 +781,7 @@ def attachment_path(instance, filename):
|
||||
"""
|
||||
import os
|
||||
os.umask(0)
|
||||
path = 'helpdesk/attachments/%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.id)
|
||||
path = 'helpdesk/attachments/%s-%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.ticket.secret_key, instance.followup.id)
|
||||
att_path = os.path.join(settings.MEDIA_ROOT, path)
|
||||
if settings.DEFAULT_FILE_STORAGE == "django.core.files.storage.FileSystemStorage":
|
||||
if not os.path.exists(att_path):
|
||||
|
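Review bot: The new `path` line puts `instance.followup.ticket.secret_key` itself into the storage path, so the ticket's secret now appears in every attachment URL and can end up in web-server access logs, Referer headers and the on-disk directory name. If that key also authorises anything else for the ticket (not visible in this hunk), a forwarded attachment link would disclose it; a value derived from the key avoids that, e.g. `token = salted_hmac('helpdesk.attachment_path', instance.followup.ticket.secret_key).hexdigest()` (from `django.utils.crypto`) with `token` used in the format string instead. An unguessable path is still not an access check, and the unchanged `os.umask(0)` above means the umask will not restrict any directory created further down, so an explicit mode or an authenticated download view would be the stronger control. `attachment_path` starts and ends outside this hunk, so the directory creation itself is not visible here.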