Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Cannot Reproduce
-
2.10.1
-
None
-
None
-
JSPWIKI on DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
apache-tomcat-7.0.54
Description
Appears that the form for loading attachments has a hard-coded "http" scheme.
<form action="http://ldapwiki.com/attach?progressid=287a52a3-05e8-4aed-b538-42761665122c"
class="wikiform"
id="uploadform"
method="post"
enctype="multipart/form-data" accept-charset="UTF-8"
onsubmit="return Wiki.submitUpload(this, '287a52a3-05e8-4aed-b538-42761665122c');" >
<table>
<tr>
<td colspan="2"><div class="formhelp">In order to upload a new attachment to this page, please use the following box to find the file, then click on “Upload”.</div></td>
</tr>
<tr>
<td><label for="attachfilename">Select file:</label></td>
<td><input type="file" name="content" id="attachfilename" size="60"/></td>
</tr>
<tr>
<td><label for="attachnote">Change Note:</label></td>
<td><input type="text" name="changenote" id="attachnote" maxlength="80" size="60" />
<input type="hidden" name="nextpage" value="/Upload.jsp?page=Main" /></td>
</tr>
<tr>
<td></td>
<td>
<input type="hidden" name="page" value="Main" />
<input type="submit" name="upload" id="upload" value="Upload" />
<input type="hidden" name="action" value="upload" />
<div id="progressbar"><div class="ajaxprogress"></div></div>
</td>
</tr>
</table>
</form>