Deep Linking in G3

Twilek

Joined: 2003-05-30
Posts: 73

Posted: Mon, 2009-06-22 14:17

Hi all,

I have read in the wiki that the deep linking in G3 is prohibited by an .htaccess file. First of all if you do a recursive blocking of "Everybody" permission only the root album will get the .htaccess file. So I manually copied it to all albums as I haven´t got any public ones. And it really keeps you from listing the directory. But if you know the filename of the image you can still access it without a problem, .htaccess present or not, via a direct URL to it. Did I configure something wrong??

Regards Twilek

Update: Gallery was smarter than I was. It noticed that I had a session running as an admin and gave access, when I logged out access was blocked. But the issue with the recursive setting of the .htaccess file remains

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Mon, 2009-06-22 18:32

The .htaccess file covers all subdirectories too, so if one exists at a higher level it will protect images at a lower level also. To verify it, create an album hierarchy like this: A -> B -> C.

Mark B as hidden from Everybody. var/albums/C should not have a .htaccess file, but guests should not be able to see images inside of it even if you create a link directly to the image. If that's not working, then we have a bug that needs to be fixed.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!

Twilek

Joined: 2003-05-30
Posts: 73

Posted: Mon, 2009-06-22 19:59

What can I say? Works like a charm. Even after I removed all .htaccess and only left the one in the albums dir

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Wed, 2009-06-24 00:11

Whew.. you had me worried there!
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!

Twilek Joined: 2003-05-30 Posts: 73	Posted: Mon, 2009-06-22 14:17
	Hi all, I have read in the wiki that the deep linking in G3 is prohibited by an .htaccess file. First of all if you do a recursive blocking of "Everybody" permission only the root album will get the .htaccess file. So I manually copied it to all albums as I haven´t got any public ones. And it really keeps you from listing the directory. But if you know the filename of the image you can still access it without a problem, .htaccess present or not, via a direct URL to it. Did I configure something wrong?? Regards Twilek Update: Gallery was smarter than I was. It noticed that I had a session running as an admin and gave access, when I logged out access was blocked. But the issue with the recursive setting of the .htaccess file remains
	XUser login Username: * Password: * Create new account Request new password
bharat Joined: 2002-05-21 Posts: 7994	Posted: Mon, 2009-06-22 18:32
	The .htaccess file covers all subdirectories too, so if one exists at a higher level it will protect images at a lower level also. To verify it, create an album hierarchy like this: A -> B -> C. Mark B as hidden from Everybody. var/albums/C should not have a .htaccess file, but guests should not be able to see images inside of it even if you create a link directly to the image. If that's not working, then we have a bug that needs to be fixed. --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git \| help! vote!

Twilek Joined: 2003-05-30 Posts: 73	Posted: Mon, 2009-06-22 19:59
	What can I say? Works like a charm. Even after I removed all .htaccess and only left the one in the albums dir

bharat Joined: 2002-05-21 Posts: 7994	Posted: Wed, 2009-06-24 00:11
	Whew.. you had me worried there! --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git \| help! vote!

Deep Linking in G3

XUser login