Posted 8 months ago #
Today I was unpleasantly surprised to find out that the function /index.php?callback=imagerotator displays all images published, even the ones published in private and password protected pages. (I know, NextGen Galley has no way to identify images published on protected pages).
I consider this quite an security issue, as this allows anyone to view all images published via NextGen Gallery.
Please let me know if there is a workaround or solution available.
Yes your are right, NGG didn't support private/password solutions. it's simply not the way how this plugin works. You can only "exclude" images so they will not shown up
Posted 8 months ago #
Dear Alex,
Thanks for your quick response. The function shows ALL images published using Nextgen. Not as a Gallery but as an XML that Google indexes. I'd like to know if there is a way to disallow this. I, and perhaps a lot of other users, do not see the added value of this function. From what I know a lot of photographers happily use Nextgen for their client galleries. These images are typically personal and shouldn't be accassible to the public unless explicitly choosen for.
Excluding images will disable them from showing up indeed, but this inludes the gallery the images should be shown into.
I'd like to inform if there is a solution for this. The nicest way would be an option that allows you to make a distinctive choice wheter you'd allow Nextgen to publish the XML or not.
Kind regards,
Auke Rensen
This function is used for the slideshow ( if you want to show a random image from your gallery ), there are plans to limit this to 100 or 200 images, but it's still intentional to show them as xml output. If you don't want to work with sildeshow, place at at the top of the imagerotator.php file a <?php die(); ?>, the script will return a empty file.
Would be this a solution for you ?
You must log in to post.
