Los usuarios que no están en los grupos permitidos de publicaciones de medios incrustados pueden eludir la restricción de carga copiando el enlace de la imagen cargada.

copymonopoly · 1 Noviembre, 2025 22:54

Steps to Reproduce

Set Newuser max embedded media = 0

This correctly prevents new users from uploading images before they upload them

Configure Embedded media post allowed groups

Exclude certain groups from the allowed list
When a user not in the allowed groups uploads an image:
- The image can appear in the editor
- Only when submitting the post is it blocked

Problem

During editing, the user can copy the link of the uploaded image to bypass the upload restriction and post it

Expected Behavior

Our goal is to prevent users from uploading images. Users not in the allowed groups should not be able to insert any embedded media into the editor at all — it should block uploads at the time of uploading, just like when Newuser max embedded media = 0 is applied.

Otherwise they can copy the link of the uploaded image and effectively bypass the restriction to upload it.

Tema		Respuestas	Vistas
Media Issue Support	3	54	5 Agosto 2024
YouTube link cannot be pasted if user is not part of "Embedded media post allowed groups" Bug embedding , onebox	0	35	10 Junio 2025
New user cannot upload images? Support	4	1198	14 Agosto 2020
Discobot's new user tutorial, stuck at upload image step Bug	7	644	12 Agosto 2020
Review media and embedded media setting Bug	6	587	2 Septiembre 2024

Los usuarios que no están en los grupos permitidos de publicaciones de medios incrustados pueden eludir la restricción de carga copiando el enlace de la imagen cargada.

Steps to Reproduce

Expected Behavior

Temas relacionados