Quantcast

[issue2550928] File urls with leading period results in 404

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[issue2550928] File urls with leading period results in 404

John Rouillard

New submission from John Rouillard:

Uploading a file called:

.bash_profile

results in a dowload link that looks like:

  http://localhost/demo/file11/.bash_profile

results in a 404 not found.

If I manually change the url to:

  http://localhost/demo/file11/a.bash_profile

the file is successfully displayed/downloaded.

I wonder if my earlier patches to prevent unauthorized
path traversals are coming into play here.

-- rouilj

----------
assignee: rouilj
components: Web interface
messages: 5910
nosy: rouilj
priority: high
severity: major
status: new
title: File urls with leading period results in 404
versions: devel

________________________________________________
Roundup tracker <[hidden email]>
<http://issues.roundup-tracker.org/issue2550928>
________________________________________________

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Roundup-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/roundup-devel
Loading...