Issue 2550928
Created on 2016-10-17 00:30 by rouilj, last changed 2016-10-21 01:22 by rouilj.
msg5910 |
Author: [hidden] (rouilj) |
Date: 2016-10-17 00:30 |
|
Uploading a file called:
.bash_profile
results in a dowload link that looks like:
http://localhost/demo/file11/.bash_profile
results in a 404 not found.
If I manually change the url to:
http://localhost/demo/file11/a.bash_profile
the file is successfully displayed/downloaded.
I wonder if my earlier patches to prevent unauthorized
path traversals are coming into play here.
-- rouilj
|
msg5911 |
Author: [hidden] (rouilj) |
Date: 2016-10-17 01:17 |
|
I have roundup running behind the hiawatha web server. Hiawatha
is blocking the url.
Had to add AllowDotFiles = yes to hiawatha config.
|
|
Date |
User |
Action |
Args |
2016-10-21 01:22:38 | rouilj | set | type: behavior |
2016-10-17 01:17:45 | rouilj | set | status: new -> closed resolution: invalid messages:
+ msg5911 |
2016-10-17 00:30:27 | rouilj | create | |
|