[ https://issues.apache.org/jira/browse/SLING-10225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Pauls resolved SLING-10225. -------------------------------- Resolution: Fixed Done in https://github.com/apache/sling-org-apache-sling-engine/pull/15 We now don't allow empty selectors as well as not allowing /.. or really and segment with only dots. > Files with ".." In Name Throw 400 Exception > ------------------------------------------- > > Key: SLING-10225 > URL: https://issues.apache.org/jira/browse/SLING-10225 > Project: Sling > Issue Type: Bug > Components: Engine > Affects Versions: Engine 2.7.4 > Reporter: Dan Klco > Assignee: Karl Pauls > Priority: Critical > Fix For: Engine 2.7.6 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > SLING-9741 and the [associated > PR|https://github.com/apache/sling-org-apache-sling-engine/pull/11] > introduced a regression where the Sling Engine will return a 400 error on > requests based on the presence of ".." in the URL when not preceded by a > slash. > This is an issue as file names may contain multiple periods and it is not > obvious that it would cause an issue to upload a file with two periods in the > name. > h2. Reproduction steps: > * Update a Sling instance to use Engine 2.7.4 > * Upload a file containing .. in the path > * Attempt to get the file or any path with the file as a suffix > * Note this returns a 400 error -- This message was sent by Atlassian Jira (v8.3.4#803005)