You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Robert wunsch (Jira)" <ji...@apache.org> on 2021/06/10 12:37:00 UTC
[jira] [Comment Edited] (SLING-10225) Files with ".." In Name Throw
400 Exception
[ https://issues.apache.org/jira/browse/SLING-10225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360853#comment-17360853 ]
Robert wunsch edited comment on SLING-10225 at 6/10/21, 12:36 PM:
------------------------------------------------------------------
Hi [~karlpauls], thanks for getting back!
Yes, Classic UI (AEM) is creating "empty selectors" which are now causing problems in Authoring - Classic UI.
The same project is concerned about potentially usingĀ "empty selectors" in their "website-project" (but are not sure) - and would see it as problematic if "suddenly" the SLING behavior would change, causing websites to deliver "400" on these pages.
Generally a lot of SLING-projects could use "empty selectors" in their projects without problems, which would change as soon as Sling-Engine 2.7.4 would be used (SLING-9741).
was (Author: wunsch):
Hi [~karlpauls], thanks for getting back!
Yes, Claasic UI (AEM) is creating "empty selectors" which are now causing problems in Authoring - Classic UI.
The same project is concerned about potentially usingĀ "empty selectors" in their "website-project" (but are not sure) - and would see it as problematic if "suddenly" the SLING behavior would change, causing websites to deliver "400" on these pages.
Generally a lot of SLING-projects could use "empty selectors" in their projects without problems, which would change as soon as Sling-Engine 2.7.4 would be used (SLING-9741).
> Files with ".." In Name Throw 400 Exception
> -------------------------------------------
>
> Key: SLING-10225
> URL: https://issues.apache.org/jira/browse/SLING-10225
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 2.7.4
> Reporter: Dan Klco
> Assignee: Karl Pauls
> Priority: Critical
> Fix For: Engine 2.7.6
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> SLING-9741 and the [associated PR|https://github.com/apache/sling-org-apache-sling-engine/pull/11] introduced a regression where the Sling Engine will return a 400 error on requests based on the presence of ".." in the URL when not preceded by a slash.
> This is an issue as file names may contain multiple periods and it is not obvious that it would cause an issue to upload a file with two periods in the name.
> h2. Reproduction steps:
> * Update a Sling instance to use Engine 2.7.4
> * Upload a file containing .. in the path
> * Attempt to get the file or any path with the file as a suffix
> * Note this returns a 400 error
--
This message was sent by Atlassian Jira
(v8.3.4#803005)