Roundup Tracker - Issues

Issue 2550928

classification
File urls with leading period results in 404
Type: behavior Severity: major
Components: Web interface Versions: devel
process
Status: closed invalid
:
: rouilj : rouilj
Priority: high :

Created on 2016-10-17 00:30 by rouilj, last changed 2016-10-21 01:22 by rouilj.

Messages
msg5910 Author: [hidden] (rouilj) Date: 2016-10-17 00:30
Uploading a file called:

.bash_profile

results in a download link that looks like:

  http://localhost/demo/file11/.bash_profile

results in a 404 not found.

If I manually change the url to:

  http://localhost/demo/file11/a.bash_profile

the file is successfully displayed/downloaded.

I wonder if my earlier patches to prevent unauthorized
path traversals are coming into play here.

-- rouilj
msg5911 Author: [hidden] (rouilj) Date: 2016-10-17 01:17
I have roundup running behind the hiawatha web server. Hiawatha
is blocking the url.

Had to add AllowDotFiles = yes to hiawatha config.
History
Date                 User    Action  Args
2016-10-21 01:22:38  rouilj  set     type: behavior
2016-10-17 01:17:45  rouilj  set     status: new -> closed, resolution: invalid, messages: + msg5911
2016-10-17 00:30:27  rouilj  create