Just looking at the code Essex (and Diablo) seem to be vulnerable in case you don't use delayed_delete. If you do, the code will return 403 but I'm not sure it won't still delete the image (after the delay) ?
Just looking at the code Essex (and Diablo) seem to be vulnerable in case you don't use delayed_delete. If you do, the code will return 403 but I'm not sure it won't still delete the image (after the delay) ?