Per,
I actually made sure the file (filename.jpg) was at each location. If
it was allowed access, and the file was not there, I would have seen the
html page that is generated from part of my pipeline. I've tried
requesting the file when it wasn't there, and I was allowed access, and
I saw my cu
> It seems that absolute URLs are not a problem. The following examples
> give
> me an error page:
>
> URI:
>
> /../filename.jpg
> /download/../../filename.jpg
> /images/../../filename.jpg
>
> error page:
>
> HTTP Status 404 - /filename.jpg
>
> -
> It might be a concern to others, but doing it in the resolver
> would probably break just about everything in C2: the
> resolver is used by the sitemap to get relative URLs for
> every pipeline, matcher etc. And viewing the source using the
> samples might use relative paths.
>
> I suggest
> Wow! Great comment. I changed the URI to:
>
> /download?file=../../../conf/web.xml
>
> and actually accessed the file. Is this a concern to anyone else?
>
> Thanks Per.
Sure.
It might be a concern to others, but doing it in the resolver would probably
break just about everything in C2: the r
Matthew Hailstone wrote:
>I see. So the element, notwithstanding it is inside the
> element, is actually still inside the
> element's scope.
>
Yes, this is correct.
> From your comment, I suppose I
>should have known this because it follows the XSLT specification.
>
No, this has no relation
Wow! Great comment. I changed the URI to:
/download?file=../../../conf/web.xml
and actually accessed the file. Is this a concern to anyone else?
Thanks Per.
Matthew
> Note: not sure if this will happen, but passing the file name
> as a request, you may want to make sure that it doesn't
>
er prevents this automatically or not.
Per
> -Original Message-
> From: Matthew Hailstone [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 20, 2002 11:21 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Download Server - directory access denied
>
>
> I see. So the el
I see. So the element, notwithstanding it is inside the
element, is actually still inside the
element's scope. From your comment, I suppose I
should have known this because it follows the XSLT specification.
Thanks again! That is very helpful to know.
Matthew
> >
> >
> >
> >
> >
>
Matthew Hailstone wrote:
>Vadim,
> Thanks for relating my problem to the FAQ. Now I understand. :) That
>was the problem.
>
>Interesting to note, though, here is the change that fixed the problem:
>
>
>
>
>
1> Entered match scope
>
>
>
2> Entered act "request
Vadim,
Thanks for relating my problem to the FAQ. Now I understand. :) That
was the problem.
Interesting to note, though, here is the change that fixed the problem:
--- section of change ---
Matthew Hailstone wrote:
>I am trying to create a download server. ;) Here is the pipeline
>fragment and the error page:
>
>Environment:
>
>Win2K
>Tomcat 4.1.3
>Cocoon 2.0.3
>jdk 1.3.1_03
>
>pipeline:
>
>
>
>
>
>
>
>
>
Hi Matthew!
| Von: Matthew Hailstone [mailto:[EMAIL PROTECTED]]
[...]
| pipeline:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| erro
I am trying to create a download server. ;) Here is the pipeline
fragment and the error page:
Environment:
Win2K
Tomcat 4.1.3
Cocoon 2.0.3
jdk 1.3.1_03
pipeline:
13 matches
Mail list logo
