Roundup Tracker - Issues

Message5910

Author rouilj
Recipients rouilj
Date 2016-10-17.00:30:26
Message-id <1476664227.25.0.427068726554.issue2550928@psf.upfronthosting.co.za>
In-reply-to 
Uploading a file called:

.bash_profile

results in a dowload link that looks like:

  http://localhost/demo/file11/.bash_profile

results in a 404 not found.

If I manually change the url to:

  http://localhost/demo/file11/a.bash_profile

the file is successfully displayed/downloaded.

I wonder if my earlier patches to prevent unauthorized
path traversals are coming into play here.

-- rouilj
History
Date User Action Args
2016-10-17 00:30:27rouiljsetrecipients: + rouilj
2016-10-17 00:30:27rouiljsetmessageid: <1476664227.25.0.427068726554.issue2550928@psf.upfronthosting.co.za>
2016-10-17 00:30:26rouiljlinkissue2550928 messages
2016-10-17 00:30:26rouiljcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020