Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-12) was last changed on 08-Jun-2005 20:50 by Administrator  

This page was created on 21-Feb-2005 22:14 by 208.147.67.129

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 5 changed one line
|[Bug criticality]|MediumBug
|[Bug criticality]|[JSPWiki:MediumBug]
At line 7 changed one line
|[Bug status]|NewBug
|[Bug status]|ClosedBug
At line 14 changed one line
Um, try to create a page named 'CON' on a windows server indicates that the page already exists, and no edits are saved against it. I think it's getting confused with the device 'con'sole... probably?
Um, try to create a page named '[CON]' on a windows server indicates that the page already exists, and no edits are saved against it. I think it's getting confused with the device 'con'sole... probably?
At line 16 changed one line
Come to think of it, I'm curious what 'nul' would do... So okay, NUL, LPT1 all return a blank page, and... COM1 seems to hang the server waiting to do a ready from the serial device!
Come to think of it, I'm curious what 'nul' would do... So okay, NUL, LPT1 all return a blank page, and... COM1 seems to hang the server waiting to do a read from the serial device!
At line 19 added 35 lines
{{{
2005-02-21 15:12:53,324 [Thread-5] ERROR com.ecyrd.jspwiki.providers.AbstractFileProvider
ResearchWiki:CON - Failed to read
java.io.FileNotFoundException: D:\WikiHome\wikis\ResearchWiki\data\pages\CON.txt
(The system cannot find the file specified) at
java.io.FileInputStream.open(Native Method) at
java.io.FileInputStream.<init>(FileInputStream.java:103) at
com.ecyrd.jspwiki.providers.AbstractFileProvider.getPageText(AbstractFileProvider.java:169) at
com.ecyrd.jspwiki.providers.AbstractFileProvider.getPageText(AbstractFileProvider.java:150) at
com.ecyrd.jspwiki.providers.VersioningFileProvider.getPageText(VersioningFileProvider.java:217) at
com.ecyrd.jspwiki.providers.CachingProvider.getTextFromCache(CachingProvider.java:556) at
com.ecyrd.jspwiki.providers.CachingProvider.getPageText(CachingProvider.java:412) at
com.ecyrd.jspwiki.PageManager.getPageText(PageManager.java:171) at
...
}}}
I wonder if this has any security implications? Any comments from people who use windows?
-- JanneJalkanen
I confirm this bug. There is some info at [forum.java.sun.com|http://forum.java.sun.com/thread.jspa?threadID=544334&messageID=2644480].
As solution to this, we could create a filter, which checks the name of a wikipage. Similar to the
ProfanityFilter, which checks the content of an edited wiki page.
Windows users, could activate this filter.
Is there already such a filter?
-- StephanSchiessling
OK. So, apparently adding ".txt" to the file name is not enough... I'll add a patch to FileSystemProvider.mangleName() to rewrite certain page names (and BasicAttachmentProvider as well).
-- JanneJalkanen
Added a fix for 2.2.19 (all offending page names are prepended with "$$$" on Windows), though it's untested (I don't have a Windows machine; please someone check this!)
-- JanneJalkanen
Version Date Modified Size Author Changes ... Change note
12 08-Jun-2005 20:50 2.588 kB Administrator to previous
11 08-Jun-2005 20:50 2.525 kB Administrator to previous | to last
10 25-Apr-2005 14:50 2.384 kB Administrator to previous | to last
9 25-Apr-2005 14:47 2.383 kB Administrator to previous | to last
8 25-Apr-2005 13:12 2.17 kB StephanSchiessling to previous | to last
7 25-Apr-2005 12:15 2.166 kB StephanSchiessling to previous | to last
6 24-Apr-2005 01:41 1.762 kB Administrator to previous | to last
5 22-Feb-2005 18:53 1.65 kB 158.228.228.108 to previous | to last
4 21-Feb-2005 22:17 1.648 kB 208.147.67.129 to previous | to last
3 21-Feb-2005 22:17 1.649 kB 208.147.67.129 to previous | to last
2 21-Feb-2005 22:16 1.635 kB 208.147.67.129 to previous | to last
1 21-Feb-2005 22:14 0.724 kB 208.147.67.129 to last
« This page (revision-12) was last changed on 08-Jun-2005 20:50 by Administrator