cubicweb-brainomics #2940242 genetics should not be downloadable [resolved]
Go to the page of a genomics measure, for example genomic_measure_BH070095.
There are three buttons in the left column:
Button 2 (Zip) is a serious security problem: it gives access to the genetics. This is totally prohibited on a public server.
Please remove button 2 and make sure there is no way to download the genetics files.
By the way, the Zip button doesn't work right now, because it adds the ".bed" extension to the ".bim" extension:
une erreur est survenue
Otherwise the view itself and buttons 1 (Xcede) and 3 (CSV) are OK because they only give access to metadata.
|closed by||<not specified>|
|patch||[schema, views] Add basic security on GenomicMeasures' filepaths. Forbid anonymous users access to zip archive of GenomicMeasures (closes #2940242). [rejected]; Properly handle file extensions for BED/BIM/FAM files [applied]|