• Welcome to the Chevereto User Community!

    Here, users from all over the world come together to learn, share, and collaborate on everything related to Chevereto. It's a place to exchange ideas, ask questions, and help improve the software.

    Please keep in mind:

    • This community is user-driven. Always be polite and respectful to others.
    • Support development by purchasing a Chevereto license, which also gives you priority support.
    • Go further by joining the Community Subscription for even faster response times and to help sustain this space

random image link showing private images

Status
Not open for further replies.
random image link shows private images instead of public ones, so all you do is keep clicking random image url and you will find private images
 
datguy said:
random image link shows private images instead of public ones, so all you do is keep clicking random image url and you will find private images
Click to expand...

That is false.

Random mode is just a redirection and to view anything in /image/<id> you need to have permission. If the image is under an album with the permission "anyone with the link" or the website privacy is forced the content will be under that privacy. When you select "private" mode then you use default content privacy all the content who isn't under a privacy permission will be visible. That is why you can force the website content privacy so you can have a private website and force all the content to be private.

This code in route.image.php proves that:

PHP: 
        // Privacy
        if($handler::$cond['forced_private']) {
            $image['album']['privacy'] = CHV\get_chv_setting('website_content_privacy_mode');
        }
        if(!$is_admin and in_array($image['album']['privacy'], array('private', 'custom')) and !$is_owner) {
            return $handler->issue404();
        }
 
Rodolfo said:
That is false.

Random mode is just a redirection and to view anything in /image/<id> you need to have permission. If the image is under an album with the permission "anyone with the link" or the website privacy is forced the content will be under that privacy. When you select "private" mode then you use default content privacy all the content who isn't under a privacy permission will be visible. That is why you can force the website content privacy so you can have a private website and force all the content to be private.

This code in route.image.php proves that:

PHP: 
        // Privacy
        if($handler::$cond['forced_private']) {
            $image['album']['privacy'] = CHV\get_chv_setting('website_content_privacy_mode');
        }
        if(!$is_admin and in_array($image['album']['privacy'], array('private', 'custom')) and !$is_owner) {
            return $handler->issue404();
        }
Click to expand...


I mean the privacy with not safe for work it still shows them images 🙁
 
That is a different thing 😛 and now I understand the concern. I think that I can disable those in random.
 
Status
Not open for further replies.
Back
Top