Quantcast
Channel: Issues for Drupal core
Viewing all articles
Browse latest Browse all 297408

Implement a tamper-proof hash for the media library state

March 7, 2019, 2:49 am
$
0
0

Problem/Motivation

From #2983179-16: [META] Implement stricter access checking for the media library:

Right now, the media library depends on a state value object derived from URL query parameters. Users are not supposed to tamper with those parameters, but we have no mechanism in place to prevent that. So we need to implement a tamper-proof hash, similar to what Media does in its IframeUrlHelper class, to prevent people from messing with the query parameters in the first place.

Proposed resolution

Implement a tamper-proof hash, similar to what Media does in its IframeUrlHelper class, to prevent people from messing with the query parameters.

Remaining tasks

Write patch
Review
Commit

User interface changes

None

API changes

None

Data model changes

None

Release notes snippet

Search
Viewing all articles
Browse latest Browse all 297408

Trending Articles

Police confirm man stabbed to death in Selsdon was Andrew David Else of Croydon

April 26, 2014, 8:31 am

Moondru Mudichu 20-07-2016 – Polimer tv Serial

July 20, 2016, 9:25 am

Hull man, 27, dies after crashing car into a tree on the A165 near Brandesburton

January 2, 2015, 1:42 am

Reply: Betrayal at House on the Hill:: Rules:: Re: Haunt #6 - Spoilers Within

September 15, 2018, 4:28 pm

Best 5 Happy Mothers Day Poems For Step Mother

April 11, 2016, 9:36 am

Jamani mm nauliza hivi second selection za form five zinatoka lini?

August 7, 2017, 4:53 am

Madonna – Behind Me (feat. Guido Dos Santos) – Single [iTunes Plus M4A]

December 25, 2024, 6:44 am

DMG Audio Limitless v1.01 WiN/OSX Incl Patched and Keygen-R2R

February 5, 2016, 4:18 am

Sri Lankan Actress Nadeesha Hemamali Hot Shoot

December 8, 2015, 11:05 am

Stories • Goddess Stepmom

January 31, 2025, 1:10 pm

Angry father ordered to compensate daughter’s male friend

December 28, 2017, 6:10 pm

Who’s been sentenced from Corby, Kettering, Ringstead, Rothwell, Rushden,...

March 24, 2019, 11:00 pm

Anthony Wahome Biography, Family, Wife and Children

August 20, 2016, 3:57 am

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Materials Around Us Class 6 Worksheet Science Chapter 6

October 3, 2024, 5:20 am

JESSIE ROGERSON ON JULY 10, 20...

July 11, 2019, 7:00 pm

Hyper-V replication "Enabling Replication Failed"

November 9, 2020, 3:17 am

A/L Technology Stream – Subject combinations, Syllabuses and Teacher guides

December 17, 2013, 6:12 pm

Joseph Bradley – Carlisle

July 4, 2015, 1:16 am

Laura Pausini - Platinum Collection (3Cd) (2009) .mp3 - 320 Kbps

March 29, 2013, 4:20 am
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>