Defect #13760

closed

Forward slashes in project name confuse attachment controller and give 404 when downloading

Added by Hossam Hammady about 11 years ago. Updated about 11 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Attachments
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution:
Affected version:

Description

If the project name contains a forward slash (/), no attachments can be downloaded, as it confuses the attachments controller with a subdirectory within the files directory. I wonder why the URL routing to the attachment download contains the project name and issue number; is it for security? /attachments/id is enough, I believe, and the authorization module should take care of the rest.

your database manager version: MySQL 5.5.24-0ubuntu0.12.04.1
your Ruby version: ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]
your Rails version: 2.3.14
Error from Apache2 log:
HOST:IP- - [12/Apr/2013:21:30:34 +0000] "GET /attachments/2478/V%2Ff%20Controller%20-%20Test_332_Revision%20version-1.docx HTTP/1.1" 404 549 "http://HOST/issues/332" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.28.10 (KHTML, like Gecko) Version/6.0.3 Safari/536.28.10"
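
The failure mode described in this report, sketched as an added Ruby example that is not part of the original report and is not Redmine's code. The route patterns, `route` and `download_name` are hypothetical, and the request path is constructed from the log line above. It shows a filename-bearing route failing once `%2F` is decoded before routing, while an id-only lookup still resolves.

```ruby
# Constructed request path, modelled on the Apache log line in the report.
REQUEST_PATH = "/attachments/2478/V%2Ff%20Controller%20-%20Test_332_Revision%20version-1.docx"

# Hypothetical route patterns (assumptions, not Redmine's routing table).
ROUTE_WITH_FILENAME = %r{\A/attachments/(?<id>\d+)/(?<filename>[^/]+)\z}
ROUTE_ID_ONLY       = %r{\A/attachments/(?<id>\d+)(?:/.*)?\z}

# Decode %XX escapes byte by byte (ASCII input assumed for this sketch).
def percent_decode(str)
  str.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# Match a path against a route. decode_before_routing models a front end or
# framework that percent-decodes the path first, turning %2F into a real "/".
# Returns the extracted params, or nil when no route matches (a 404).
def route(pattern, raw_path, decode_before_routing:)
  path = decode_before_routing ? percent_decode(raw_path) : raw_path
  m = pattern.match(path)
  return nil unless m

  params = { id: Integer(m[:id]) }
  if m.names.include?("filename")
    # Decode exactly once: skip if the whole path was already decoded.
    params[:filename] = decode_before_routing ? m[:filename] : percent_decode(m[:filename])
  end
  params
end

# Name offered to the browser: taken from the stored record, never from the
# URL, with path separators, control characters and quotes neutralised.
def download_name(stored_filename)
  stored_filename.gsub(%r{[/\\\x00-\x1f"]}, "_")
end

if __FILE__ == $PROGRAM_NAME
  [[ROUTE_WITH_FILENAME, true], [ROUTE_WITH_FILENAME, false], [ROUTE_ID_ONLY, true]].each do |pattern, early|
    result = route(pattern, REQUEST_PATH, decode_before_routing: early)
    puts "decode_before_routing=#{early} -> #{result ? result.inspect : '404 (no route)'}"
  end
  puts download_name("V/f Controller - Test_332_Revision version-1.docx")
end
```

With the id-only pattern the trailing segment is cosmetic, so access control has to be enforced on the attachment record looked up by id.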

#1

Updated by Ivan Cenov about 11 years ago

I cannot reproduce in Redmine 2.3.0:

Created project with name 'slash/inname'.
Created issue in it and attached a file ('about.php') to this issue.
Then I was able to download and view this file in a text editor.

#2

Updated by Toshi MARUYAMA about 11 years ago

  • Status changed from New to Closed

1.3.2 is not maintained.
Please upgrade to 2.3.0.
