[
https://issues.apache.org/jira/browse/SLING-10225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360853#comment-17360853
]
Robert wunsch edited comment on SLING-10225 at 6/10/21, 12:39 PM:
------------------------------------------------------------------
Hi [~karlpauls], thanks for getting back!
Yes, Classic UI (AEM) is creating "empty selectors" which are now causing
problems in Authoring - Classic UI.
The same project is concerned about potentially using "empty selectors" in
their "website-project" (but are not sure) - and would see it as problematic if
"suddenly" the SLING behavior would change, causing websites to deliver "400"
on these pages.
Generally a lot of SLING-projects could use "empty selectors" in their
projects without problems, which would change as soon as Sling-Engine 2.7.4
would be used (SLING-9741).
(late Addition:
I need to test this with Sling-Engine 7.4.6 (this ticket's resolution) - I have
not done that. Will do and come back. from the comments I however understood,
that "empty selectors" would generally not be allowed due to this ticket's
resolution.)
was (Author: wunsch):
Hi [~karlpauls], thanks for getting back!
Yes, Classic UI (AEM) is creating "empty selectors" which are now causing
problems in Authoring - Classic UI.
The same project is concerned about potentially using "empty selectors" in
their "website-project" (but are not sure) - and would see it as problematic if
"suddenly" the SLING behavior would change, causing websites to deliver "400"
on these pages.
Generally a lot of SLING-projects could use "empty selectors" in their
projects without problems, which would change as soon as Sling-Engine 2.7.4
would be used (SLING-9741).
> Files with ".." In Name Throw 400 Exception
> -------------------------------------------
>
> Key: SLING-10225
> URL: https://issues.apache.org/jira/browse/SLING-10225
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 2.7.4
> Reporter: Dan Klco
> Assignee: Karl Pauls
> Priority: Critical
> Fix For: Engine 2.7.6
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> SLING-9741 and the [associated
> PR|https://github.com/apache/sling-org-apache-sling-engine/pull/11]
> introduced a regression where the Sling Engine will return a 400 error on
> requests based on the presence of ".." in the URL when not preceded by a
> slash.
> This is an issue as file names may contain multiple periods and it is not
> obvious that it would cause an issue to upload a file with two periods in the
> name.
> h2. Reproduction steps:
> * Update a Sling instance to use Engine 2.7.4
> * Upload a file containing .. in the path
> * Attempt to get the file or any path with the file as a suffix
> * Note this returns a 400 error
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
