Disabling random link by default as it poses a security risk. #392

2025-01-14 14:43:17 +08:00 · 2022-02-06 15:13:40 +01:00 · 2022-02-06 15:13:40 +01:00 · a1de381caa
commit a1de381caa
parent 42fd161a66
2 changed files with 13 additions and 6 deletions
--- a/src/common/config/public/ClientConfig.ts
+++ b/src/common/config/public/ClientConfig.ts
@ -57,8 +57,8 @@ export class ClientSharingConfig {

@SubConfigClass()
 export class ClientRandomPhotoConfig {
-  @ConfigProperty()
-  enabled: boolean = true;
+  @ConfigProperty({description: 'Enables random link generation. NOTE: With the current implementation, it poses a security risk. See https://github.com/bpatrik/pigallery2/issues/392'})
+  enabled: boolean = false;
 }

@SubConfigClass()
--- a/src/frontend/app/ui/settings/random-photo/random-photo.settings.component.html
+++ b/src/frontend/app/ui/settings/random-photo/random-photo.settings.component.html
@ -25,10 +25,17 @@

      <ng-container *ngIf="states.enabled.value  || settingsService.isSupported()">

-        <div class="alert alert-secondary" role="alert" i18n>
-          This feature enables you to generate 'random photo' urls.
-          That URL returns a photo random selected from your gallery.
-          You can use the url with 3rd party application like random changing desktop background.
+        <div class="alert alert-secondary" role="alert">
+          <ng-container i18n>
+            This feature enables you to generate 'random photo' urls.
+            That URL returns a photo random selected from your gallery.
+            You can use the url with 3rd party application like random changing desktop background.
+          </ng-container>
+          <br/>
+          <ng-container i18n>
+            Note: With the current implementation, it poses a security risk. See:
+          </ng-container>
+          <a href="https://github.com/bpatrik/pigallery2/issues/392">#392</a>
        </div>

      </ng-container>