Private temp files are still accessible to anonymous users. [#2842640]

Problem/Motivation

Even when a managed file element's #uri_scheme is set to private the temp file is available to anonymous user

Steps to reproduce

As an anonymous user
Goto /form/test-element-managed-file
Upload a text file
Click link to temp file

Proposed resolution

Block anonymous users from accessing temporary private files.

Remaining tasks

Remove links from file upload widget to anonymous file
Block access to anonymous file.
Write tests

Comment	File	Size	Author
#2	private_temp_files_are-2842640-2.patch	6.36 KB	jrockowitz
#2	8.x-5.x: PHP 5.5 & MySQL 5.5, D8.2 250 pass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

11 January 2017 at 10:40

jrockowitz created an issue. See original summary.

Comment #2

jrockowitz CreditAttribution: jrockowitz as a volunteer commented 11 January 2017 at 11:35

Status:

Active

» Needs review

File	Size
private_temp_files_are-2842640-2.patch	6.36 KB
8.x-5.x: PHP 5.5 & MySQL 5.5, D8.2 250 pass

Comment #3

jrockowitz CreditAttribution: jrockowitz as a volunteer commented 11 January 2017 at 11:36

Issue summary:

View changes

Comment #4

11 January 2017 at 13:48

jrockowitz authored 341261a on 8.x-5.x

Issue #2842640 by jrockowitz: Private temp files are still accessible to...

Comment #5

jrockowitz CreditAttribution: jrockowitz as a volunteer commented 11 January 2017 at 13:48

Status:

Needs review

» Fixed

Comment #6

25 January 2017 at 13:54

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Private temp files are still accessible to anonymous users.

Problem/Motivation

Proposed resolution

Remaining tasks

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community