Wrong URL and access permissions on issue attachments
Created by: mikehaertl
I have installed GitLab 5.0 under a relative URL in /gitlab
. When i attach a file to an issue, the URL to that file is /files/note/1/hotel_photo.php
. It's missing the /gitlab
prefix. And according to the following issues, there should also be an /upload
prefix or something:
I could create a proxy rule in my webserver config - but what about access permissions for the files? Anyone could download them. I'd suggest to better use something like mod_xsendfile so you could check for permissions first, before you send the file.