Merge pull request #649 from auto-mat/attachments

Include ticket secret in path to new attachments in order to reduce URL guessability.
Garret Wassermann 2018-10-06 16:33:34 -04:00 committed by GitHub
commit 8c2009a871
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -781,7 +781,7 @@ def attachment_path(instance, filename):
"""
import os
os.umask(0)
path = 'helpdesk/attachments/%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.id)
path = 'helpdesk/attachments/%s-%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.ticket.secret_key, instance.followup.id)
att_path = os.path.join(settings.MEDIA_ROOT, path)
if settings.DEFAULT_FILE_STORAGE == "django.core.files.storage.FileSystemStorage":
if not os.path.exists(att_path):
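Review bot: The new `path` line puts `ticket.secret_key` itself into the storage directory name, so the secret now shows up in every attachment URL, in web-server access logs and in any listing of `MEDIA_ROOT`. The `os.umask(0)` two lines above clears the mask for whatever directory creation follows, which continues outside the hunk. If that key also authorises something else, such as a public ticket view (not visible here), one leaked attachment path gives away that access too. Consider a token derived only for the path, for example `token = hmac.new(settings.SECRET_KEY.encode(), str(ticket.secret_key).encode(), 'sha256').hexdigest()`, and a tighter mask such as `os.umask(0o027)` if the deployment allows it. The change makes the URL harder to guess but adds no permission check, and per the description it covers only new attachments, so a comment above the line should say so: `# NOTE: unguessable path only, not an access check; older attachments keep the previous layout`.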