CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-03 14:54:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SECURITY] Bind relevant cached file downloads to the current session

Browse Source
This commit is contained in:
Raphael Michel
2020-12-18 19:17:23 +01:00
parent a3dd015c23
commit c60a25f2bc
11 changed files with 42 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pretix/base/models/base.py
View File

@@ -28,6 +28,8 @@ class CachedFile(models.Model):
filename = models.CharField(max_length=255)
type = models.CharField(max_length=255)
file = models.FileField(null=True, blank=True, upload_to=cachedfile_name, max_length=255)
web_download = models.BooleanField(default=True) # allow web download, True for backwards compatibility in plugins
session_key = models.TextField(null=True, blank=True) # only allow download in this session
@receiver(post_delete, sender=CachedFile)