From a811d14893e4f1cae36a17c850585b6a8d16b1d0 Mon Sep 17 00:00:00 2001 From: "Michael J. Chudobiak" Date: Fri, 11 May 2012 09:37:24 -0400 Subject: thumbnail: Do not save failed thumbnails for unreadable images https://bugs.freedesktop.org/show_bug.cgi?id=49799 See http://lists.freedesktop.org/archives/xdg/2012-May/012398.html --- thumbnail/thumbnail-spec.sgml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'thumbnail') diff --git a/thumbnail/thumbnail-spec.sgml b/thumbnail/thumbnail-spec.sgml index cc6c70c..d142e95 100644 --- a/thumbnail/thumbnail-spec.sgml +++ b/thumbnail/thumbnail-spec.sgml @@ -467,6 +467,12 @@ $XDG_CACHE_HOME/thumbnails/fail/ way we assure that if a user creates a thumbnail for a file where only he has read-permissions no other user can take a glance on it through the backdoor with the thumbnails. + + Programs should first check that the original image file is readable. + If it is not, the program should not attempt to read a thumbnail from the + cache, and it should not save any information in the cache (including + "failed" thumbnails). Otherwise, thumbnailing will be prevented even if the + permissions are changed to permit reading. Concurrent Thumbnail Creation An important goal @@ -608,7 +614,7 @@ if (file.mtime != thumb.MTime) { with the name of the program appended by the version number (eg. $XDG_CACHE_HOME/thumbnails/fail/nautilus-1.0). - For every thumbnail generation failure the program creates an empty + For every thumbnail generation failure of a readable image, the program creates an empty PNG file. If it's possible to obtain some additional information from the image (see Store Additional Information) they should be stored together with the thumbnail -- cgit v1.2.3-70-g09d2