I cannot see any image permission is active in the lightbox2(I'm using image module), when I click on the image it will display the full size image without checking whether the user has the required permission or not, So this is a security issue and please fix it,

Thanks

Comments

stella’s picture

stella commented
Category: feature » bug
Status: Active » Fixed

This has been fixed. However it's not a security issue as users can navigate to the image directly if you're using a public file system. If using a private system then access to this file is controlled by image module's implementation of hook_file_download(). At worst this is a bug which combined with a private file system would cause a broken image to be displayed in a lightbox.

Cheers,
Stella

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.