RSS Headache and Possible Security Hole

lkjs

1) Watermarks are completely circumvented via RSS. There is a direct link to the full sized jpg files without image compression. It looks like this in firefox:

Media files
http://www.mydomain.com/zenphoto/my-amazing-artwork.jpg (JPEG Picture, 8.4 MB)

I tried what I could but cannot figure out how to stop it form writing this in the RSS feed. Perhaps there is a simple way to stop this in htaccess? The media toggle doesn't seem to work either.

I'm using 1.4.0.3 and soon to be upgrading because of the hack attacks.

lkjs

Solution: Purge RSS cache and the toggle in the settings work. I confused myself I guess tired.

Leaving this up so anyone who has the same problem can find the answer. This should probably default as off.

acrylian

We generally think that a rss cache is a good idea as it will lower the workload for the server if you have lots of subscribers.

lkjs

Agree, it just didn't show up and by default the media direct links are left enabled. This is a hole to get the full sized files without the watermarks.

Everything fine now, perhaps they should default as unchecked in future.

Do you know if there is any good way to merge the gallery and and blog feeds as one for technorati with zenpage? Looks like it would need some customising. Thinking how best to tackle it.

acrylian

About merging see my response on the other thread. We will look into the watermark thing. Best you file a ticket that we don't forget in this current busy time...