Merge pull request #649 from auto-mat/attachments
Include ticket secret in path to new attachments in order to reduce URL guessability.
commit
8c2009a871
@ -781,7 +781,7 @@ def attachment_path(instance, filename):
|
||||
"""
|
||||
import os
|
||||
os.umask(0)
|
||||
path = 'helpdesk/attachments/%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.id)
|
||||
path = 'helpdesk/attachments/%s-%s/%s' % (instance.followup.ticket.ticket_for_url, instance.followup.ticket.secret_key, instance.followup.id)
|
||||
att_path = os.path.join(settings.MEDIA_ROOT, path)
|
||||
if settings.DEFAULT_FILE_STORAGE == "django.core.files.storage.FileSystemStorage":
|
||||
if not os.path.exists(att_path):
|
||||
|
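Review bot: The new `path` line puts `instance.followup.ticket.secret_key` itself into the directory name, so the ticket's secret now appears in every attachment URL, in web-server access logs and Referer headers, and on disk under `MEDIA_ROOT`, where the `os.umask(0)` a few lines above leaves anything created afterwards without permission masking. If `secret_key` is also what authorises other access to the ticket (not visible in this hunk), a path component derived from it would limit that exposure, for example `hashlib.sha256(instance.followup.ticket.secret_key.encode()).hexdigest()` in place of the raw key. An unguessable path is still not access control: anyone holding the link can fetch the file, and attachments stored before this change presumably keep their old, guessable paths, so a comment such as `# secret_key only makes the URL hard to guess; it does not authenticate the request` would record that limit. `attachment_path` starts above the hunk and continues below it.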