[Clipart] Screenshot uploaded: #117

[Nathan Eady]

Nicu Buculei wrote:

> i agree we should have a mechanism for reviewing rejections, but i don't 
> think is wise to keep the images fully available in the 'rejected' 
> directory, this way an abuser can still use them (if he guess the new 
> location)

I know, it's security by obscurity.  If I thought it likely that
anyone reading this list would be one of the culprits, then obviously
we would need to put them somewhere different.  I did specifically
state their location in terms of the filesystem, rather than with
a URI, since I know the archives of this list are available on the
web and potentially could be indexed by search engines.  I believe
most of the people who know off the top of their heads how to
translate that filesystem path into the correct URI have shell
accounts on the server.  Others could figure it out, but one
wonders whether it is worth the trouble.

Still, if it gets to be a problem, we would want to change where
they are moved.  That's configurable in upload_svg.cfg by the way.
The thing is, the www-data user does have to have both read and
write permissions (at the filesystem level).  It needs read
permissions to the directory to avoid using conflicting filenames,
and it needs write permissions in order to move the files there.
But, we could set it up so that the rejected files are not served
via http.  In fact, we might even be able to do that with .htaccess
if Apache is configured to allow that.