[JSPWIKI-5] VersioningFileProvider allows creation of pages that start with a dot - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.139-beta
Fix Version/s: 2.8
Component/s: Core & storage
Labels:
None
Environment:

Ubuntu Linux, JDK 1.5

Description

By manipulating the JSP fields directly, it's possible to upload a file (e.g. ".."), which ends up in the page directory under the name "..-att". This does not otherwise affect JSPWiki operation, but it does make that data inaccessible and invisible.

Proposal is to make sure that dots should also be escaped when saving a file.

Attachments

Activity

People

Assignee:: Janne Jalkanen

Reporter:: Janne Jalkanen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Oct/07 11:52

Updated:: 10/Sep/11 23:28

Resolved:: 20/Apr/08 15:15