Posted: Sat, 2005-11-19 18:27
This is being transferred from the Install help forum. I started out there, but I think this is better suited here.
I've since re-installed Gallery2 5 or 6 times now trying different things. One big problem I see with the gallery: Administration! Maybe I don't understand fully how gallery works or is supposed to work. But I would think that a site admin would want to be the admin for multi-user galleries. Or should I install and let the user be the admin?
Problem I see with that is that the user can now specify where to import files from, and if by some mistake they were to import say /etc/ that might cause a severe security problem.
So if there is supposed to be one admin for the multi-user galleries, it would be better to centralize the administration so that the admin could log in and see all the galleries and move through them and make changes.
Maybe the easiest thing would be to limit what an admin can do if they are not the installer. Maybe during the install process, the import dir can be specified or not.
I'm still a bit worried about file permissions and accidental file importing from a wrong location. Esp. if /home/user/importdir/symlink = /etc
Don’t know if this can happen. Guess I should try a few more things to break my beater server!!!
Sorry I can't be of much help to write code for these features, my time is pretty well used up on opencores (FPGA programmer/embedded systems). If I have a few spare hours, I'll dig through the code.
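The symlink case raised in this post, as an added example that is not part of the original post and is not Gallery2 code: a Python sketch of a server-side import check that resolves symlinks before comparing against an import directory fixed by the installer. The function name `resolve_import_path` and the temporary directory tree (with a stand-in `etc` directory) are assumptions constructed for the demonstration.

```python
import os
import tempfile


def resolve_import_path(allowed_base: str, requested: str) -> str:
    """Return the symlink-resolved path if it stays inside allowed_base.

    Raises PermissionError when the resolved location escapes the base,
    whether through '..', an absolute path, or a symlink.
    """
    base_real = os.path.realpath(allowed_base)
    # A relative request is joined to the base; an absolute one replaces it.
    # Either way realpath() follows every symlink before the comparison.
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError(f"{requested!r} resolves outside the import directory")
    return candidate


def demo() -> dict:
    """Build a constructed tree mirroring the post's scenario and test it."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        import_dir = os.path.join(root, "home", "user", "importdir")
        outside = os.path.join(root, "etc")  # stand-in for the real /etc
        os.makedirs(os.path.join(import_dir, "photos"))
        os.makedirs(outside)
        # importdir/symlink -> etc, the case described in the post
        os.symlink(outside, os.path.join(import_dir, "symlink"))

        cases = [
            ("subdirectory", "photos"),
            ("symlink", "symlink"),
            ("dotdot", "../../../etc"),
            ("absolute", outside),
        ]
        for label, requested in cases:
            try:
                resolve_import_path(import_dir, requested)
                results[label] = "allowed"
            except PermissionError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:12} {verdict}")
```

The import should then read from the returned resolved path rather than the string the user typed, since a symlink can be changed between the check and the read.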