Disabling random link by default as it poses a security risk. #392

src/common/config/public/ClientConfig.ts

@@ -57,8 +57,8 @@ export class ClientSharingConfig {
 
 @SubConfigClass()
 export class ClientRandomPhotoConfig {
-  @ConfigProperty()
+  @ConfigProperty({description: 'Enables random link generation. NOTE: With the current implementation, it poses a security risk. See https://github.com/bpatrik/pigallery2/issues/392'})
-  enabled: boolean = true;
+  enabled: boolean = false;
 }
 
 @SubConfigClass()

src/frontend/app/ui/settings/random-photo/random-photo.settings.component.html

@@ -25,10 +25,17 @@
 
       <ng-container *ngIf="states.enabled.value  || settingsService.isSupported()">
 
-        <div class="alert alert-secondary" role="alert" i18n>
+        <div class="alert alert-secondary" role="alert">
-          This feature enables you to generate 'random photo' urls.
+          <ng-container i18n>
-          That URL returns a photo random selected from your gallery.
+            This feature enables you to generate 'random photo' urls.
-          You can use the url with 3rd party application like random changing desktop background.
+            That URL returns a photo random selected from your gallery.
+            You can use the url with 3rd party application like random changing desktop background.
+          </ng-container>
+          <br/>
+          <ng-container i18n>
+            Note: With the current implementation, it poses a security risk. See:
+          </ng-container>
+          <a href="https://github.com/bpatrik/pigallery2/issues/392">#392</a>
         </div>
 
       </ng-container>