- Affected version
- 2.3.0 Beta 6
Steps to reproduce
The generated
Suggested Mitigation
Make the hashes automatically expire after a configurable expire time
- Configure a proxy secret
- Start a new post
- Insert an external image
- Click preview
- Copy the generated image URL
The generated
proxy.php
URL can now be used externally forever until the secret is changed without the image ever being displayed anywhere publically in XenForoSuggested Mitigation
Make the hashes automatically expire after a configurable expire time