[MAGNOLIA-532] Filenames with special characters produce 403 Created: 20/Aug/05 Updated: 23/Jan/13 Resolved: 06/Oct/05 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 2.1 Final |
| Type: | Bug | Priority: | Major |
| Reporter: | Michael Aemisegger | Assignee: | Sameer Charles |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | 0.75d | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | 0.75d | ||
| Environment: |
all |
||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
Example: If the filename specified in the samples download paragraph contains special characters (e.g. german umlaute), then magnolia returns a 403 http status code. Even if the requested filename is URL encoded. In AccessManagerImpl.getPermissions(String) the requested URL is matched against the ACL. The internal ACL patterns do not support special characters, hence a AccessDeniedException is thrown. |
| Comments |
| Comment by Michael Aemisegger [ 20/Aug/05 ] |
|
Sorry, wrong project. Can you redirect this bug to magnolia-wcm? |
| Comment by Sameer Charles [ 05/Oct/05 ] |
|
michael, I cannot reproduce this bug. Since URL is encoded I dont see how is it possible that access manager failed to check. for example /home/headerä.jpg |
| Comment by Michael Aemisegger [ 05/Oct/05 ] |
|
I can. On the page 'Magnolia Products' of the demo site I changed magnolia_bpm_V2.pdf to magnolia_bpm_V2_äöü.pdf result is a 403. I use Firefox 1.0.4 on Linux. |
| Comment by Alexandru Popescu [ 05/Oct/05 ] |
|
I cannot reproduce it with Magnolia trunk on Windows and Firefox 1.0.7. Michael can you debug it and tell us where this is happening? Thanks, ./alex |
| Comment by Michael Aemisegger [ 05/Oct/05 ] |
|
Hey, all information already is in the description. What about the document link I changed on the demo site? Can you click on it and view the document or do you get a 403? |
| Comment by Sameer Charles [ 05/Oct/05 ] |
|
Authorization changed in current trunk and this has been fixed. Its a bug in released version 2.1 |
| Comment by Alexandru Popescu [ 05/Oct/05 ] |
|
I am trying to help here... so sorry for asking about more infos Indeed I get an 403 with the message The problem comes from the SimpleUrlPattern which is using a java.util.regex.Pattern that does not allow UTF-8 chars. |
| Comment by Sameer Charles [ 06/Oct/05 ] |
|
updated on svn, added unicode regex pattern http://svn.magnolia.info/svn/magnolia/branches/magnolia2.1/src/main/info/magnolia/cms/util/SimpleUrlPattern.java |