Hi RjOllos, Sorry for the late reply. Yes we do, my understand is that it was uploaded as an attachment to a milestone.
Ian On Friday, 13 December 2013 20:13:05 UTC, RjOllos wrote: > > On Thursday, November 21, 2013 4:56:23 AM UTC-8, Ian Clark wrote: >> >> Hi all, >> >> I believe we've found an edge case which isn't correctly caught by the >> *match_request() >> *method in >> attachment.py:462<http://trac.edgewall.org/browser/trunk/trac/attachment.py#L462>. >> >> >> >> If a filename contains a new line character (e.g. in our case a line >> feed), then it will never be picked up by the match_request method as the >> final match group (.*) doesn't account for new lines. >> >> One suggested patch would be to add the *re.S* flag to the match, but I >> wanted to check if anyone knew of any issues (e.g. security) which might >> arise from this, particularly if any other places in Trac Core assume that >> a filename doesn't contain a new line character. >> >> Kind regards, >> >> Ian >> > > Ian, Do you actually have a file in your Trac system that has an embedded > newline? If so, how did it get there (e.g. upload through browser, > trac-admin add, XmlRpc attachment add, ...)? We should make sure to cover > that case in the patch for #11395. > -- You received this message because you are subscribed to the Google Groups "Trac Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-dev. For more options, visit https://groups.google.com/groups/opt_out.
