Add a hook_requirements() error to nag people to turn the 'image_allow_insecure_derivatives' variable off

Created on 7 March 2013, about 12 years ago

Updated 17 March 2025, about 1 month ago

In light of http://drupal.org/drupal-7.21-release-notes and Drupal 7.20 before that, I think this would be a good idea. We expect some sites to be using this variable for a little while longer, but it's still not fully secure and they shouldn't forget about it and leave it on forever.

Could maybe go in the Image Allow Insecure Derivatives module instead, but I think it makes sense in core.

📌 Task

Status

Postponed: needs info

Version

11.0 🔥

Component

image.module

Created by

🇺🇸United States David_Rothstein

Live updates comments and jobs are added and updated live.

Needs backport to D7
After being applied to the 8.x branch, it should be considered for backport to the 7.x branch. Note: This tag should generally remain even after the backport has been written, approved, and committed.

SprintWeekend2013

stale-issue-cleanup
To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 1 month ago →
🇺🇸United States smustgrave
Thank you for creating this issue to improve Drupal.

We are working to decide if this task is still relevant to a currently supported version of Drupal. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or is no longer relevant. Your thoughts on this will allow a decision to be made.

Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

Thanks!

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024