We have moved to GitHub Issues
Created by Jon Dunfee 11 Aug 2013, 03:59:17 Updated by Stephan 20 Nov 2014, 15:54:23
Relates to: U4-2444
Noticed a lot of 404 errors in the log and discovered when the back office is pulling directory contents to load images for icon selection there is a thumbs.db file present. I found a [site|http://www.pawprint.net/news/article/84/Prevent-Windows-7-Thumbs-db-Files/] explaining how to stop generating the thumbs.db but not everyone may disable it on their hosting environment. I'm suggesting imposing a filter to current standard image formats for the web.
Maybe I'm paranoid, but do you feel this could be a potential security risk if an executable file is dropped in the folder? The browser will request a rendering for it as the src of the image tag for the drop down.
I noticed this was an issue brought up in another issue comment thread, [U4-2444|http://issues.umbraco.org/issue/U4-2444].
I might as well link to it.
ContentTypeControlNew as of 7.2 does not browse the directory (as described in U4-2444) anymore. ContentTypeControl is not used anymore (and should be obsoleted/removed BTW). Could not find any place where the described issue would still occur.
State: Can't Reproduce
Backwards Compatible: True
Affected versions: 6.1.3
Due in version: