Vulnerability in EPiServer.Forms
I was pleased to see that an expiration date could be set on a media file (in this case a jpg). But I was surprised to see that a link to an expired image displays the image anyway. Our client wants media to automatically become unavailable after a certain date. How can this be achieved?
Hi Pete, on my EPiServer 8 installation this work as expected. If you are logged in you are still able to see the image though. Could that be the problem?
I tried logging out but still see the image. We are using 7.5, in particular 7.19.2 for EPiServer.CMS.Core
How are you linking to the media?
It is a ContentReference in the model, set by the editor. Accessed in the cshtml; after checking:
it is used as follows:
<img src="@Url.ContentUrl(Model.SmallImage)" class="img-responsive">
My guess is that the image is cached in the browser. Try clearing the cache or using Ctrl-F5 to hard-reload the page.
Thanks Linus, I guess the problem must have had something to do with that. Although, oddly enough, I am unable to recreate the anomaly (I tried resetting the image as unexpired, got it in the browser, then reset it to expire in a few minutes; after that time a simple refresh and the image disappeared. )