Create Replica unhide all hidden albums

abelau

Joined: 2006-06-16
Posts: 47

Posted: Sun, 2008-05-04 12:07

I've a public album and a bunch of hidden (public) albums. With the create replica plugin, anyone browsing the public albums will be able to see all the names of the hidden albums when they "create replica". Can anyone confirm? and is it expected to do so? I am expecting the replica creation should also respect the hidden album attribute.

Gallery version 2.2.3
PHP version: 5.2.0
Webserver 2.2.3
Database 5.0.32
Activated toolkits (e.g. NetPbm, GD):
Operating system: Debian Linux (etch/stable)
WebDav version: 1.0.0.3

Login or register to post comments

abelau

Joined: 2006-06-16
Posts: 47

Posted: Fri, 2008-05-09 09:58

hmm, looks like it could just be my configuration problem. Any idea? or anyone could confirm?

Login or register to post comments

floridave

Joined: 2003-12-22
Posts: 9507

Posted: Fri, 2008-05-09 14:14

What permissions does the anyone browsing the public albums will be able to see all the names of the hidden albums when they "create replica". have?

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

Login or register to post comments

abelau

Joined: 2006-06-16
Posts: 47

Posted: Sat, 2008-05-10 08:59

maybe I didn't explain correctly.

For argument sake, I have 2 albums (A & B)
Album A is public writable but marked hidden
Album B is public viewable but not writable.

To access album A, one needs the exact URL to "unlock" it, while people could browse album B linked from the gallery homepage!

Now any user could browse album B and click the "create replica" and could see album A(Should be hidden still) as the destination even when the user do not have the exact URL to album A.

Login or register to post comments

floridave

Joined: 2003-12-22
Posts: 9507

Posted: Sat, 2008-05-10 17:25

What permisisons do you have on album B to allow the user to 'create replica'?

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

Login or register to post comments

abelau

Joined: 2006-06-16
Posts: 47

Posted: Sun, 2008-05-11 12:44

if I get what you mean correctly. Album B has "View all versions" permission only, but the create replica icon is still there. They can't create replica using album B as destination (view permission only).

Login or register to post comments

abelau Joined: 2006-06-16 Posts: 47	Posted: Sun, 2008-05-04 12:07
	I've a public album and a bunch of hidden (public) albums. With the create replica plugin, anyone browsing the public albums will be able to see all the names of the hidden albums when they "create replica". Can anyone confirm? and is it expected to do so? I am expecting the replica creation should also respect the hidden album attribute. Gallery version 2.2.3 PHP version: 5.2.0 Webserver 2.2.3 Database 5.0.32 Activated toolkits (e.g. NetPbm, GD): Operating system: Debian Linux (etch/stable) WebDav version: 1.0.0.3
	Login or register to post comments XUser login Username: * Password: * Create new account Request new password
abelau Joined: 2006-06-16 Posts: 47	Posted: Fri, 2008-05-09 09:58
	hmm, looks like it could just be my configuration problem. Any idea? or anyone could confirm?
	Login or register to post comments
floridave Joined: 2003-12-22 Posts: 9507	Posted: Fri, 2008-05-09 14:14
	What permissions does the anyone browsing the public albums will be able to see all the names of the hidden albums when they "create replica". have? Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team
	Login or register to post comments
abelau Joined: 2006-06-16 Posts: 47	Posted: Sat, 2008-05-10 08:59
	maybe I didn't explain correctly. For argument sake, I have 2 albums (A & B) Album A is public writable but marked hidden Album B is public viewable but not writable. To access album A, one needs the exact URL to "unlock" it, while people could browse album B linked from the gallery homepage! Now any user could browse album B and click the "create replica" and could see album A(Should be hidden still) as the destination even when the user do not have the exact URL to album A.
	Login or register to post comments
floridave Joined: 2003-12-22 Posts: 9507	Posted: Sat, 2008-05-10 17:25
	What permisisons do you have on album B to allow the user to 'create replica'? Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team
	Login or register to post comments
abelau Joined: 2006-06-16 Posts: 47	Posted: Sun, 2008-05-11 12:44
	if I get what you mean correctly. Album B has "View all versions" permission only, but the create replica icon is still there. They can't create replica using album B as destination (view permission only).
	Login or register to post comments

Create Replica unhide all hidden albums

XUser login