-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Added option to guard a dir #126
base: master
Are you sure you want to change the base?
Conversation
Hmm, this doesn't really seem safe, does it? It uses a GET parameter to set the guard dir? |
…he minimum level you could reach
@barryvdh Right now, yes. This acutally needs a better implementation than this. Is this an idea that could be merged if it's coded the right way? |
@barryvdh And it's a GET because it's optional. |
Why don't you just change the path in the roots? |
@barryvdh That could be done, but not on runtime right? You have to set this path in the config file. |
Why would you want to do it on run-time? Anything done by Javascript is not secure. |
OK, i'll give an example. Maybe you get the point then. In the past this was just a simple Folder structure:
What we don't want is the client to upload images specific for news; to upload them in another directory then the news directory. That's why we came up with this idea to I hope you understand why we added this feature. |
This feature enables developers to set an guardDir in their elfinder configuration.
Sometimes you want that the client can only upload media in specific folder. This folder may change on runtime. This feature enables this. You basically set an
data-guarddir
on your which is an path, relative to the root media dir. Maybe the wordguard
is misplaced, but I couldn't find a better name that suits these needs.