View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004661 | mantisbt | documentation | public | 2004-10-05 01:49 | 2004-11-06 06:22 |
Reporter | PatPowerMan | Assigned To | thraxisp | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Product Version | 0.19.0 | ||||
Summary | 0004661: Path in file upload doesn't contains any backslashes in db | ||||
Description | If I upload a file to disk, the db-entry in the table mantis_project_file_table (field diskfile) doesn't contain any backslashes. | ||||
Additional Information | I work on a W2k3-Server with IIS6 and have configured the upload path in the project-settings. | ||||
Tags | No tags attached. | ||||
I think, I've found the error (for my Win/IIS-environment only?): If you change '$t_disk_file_name' to '$c_disk_file_name' in row 99 in the file 'proj_doc_add.php', the correct path will be written to the table 'mantis_project_file_table' (including backslashes). I'm not sure if this is the right way for a possible solution. If not, please tell me how I should report it in the future. How could this be added in a next version? Filename: proj_doc_add.php Complete OLD row 99: ($t_project_id, '$c_title', '$c_description', '$t_disk_file_name', '$c_file_name', '$c_file_path', $c_file_size, '$c_file_type', " . db_now() .", '$c_content')"; Complete NEW row 99: |
|
Could you retest this with the latest version from CVS? I believe that I fixed this last week for 0.19.1. |
|
I'm not familiar with CVS - pls give me some time, Hmm: connect to cvs.sourceforge.net:2401 failed - our corporate firewall doesn't like this port... How can I use the CVS "offline"? bearbeitet am: 10-06-04 07:36 |
|
CVS works@home .-) I have tested the 'project_doc_add.php' 1.45 and it works: the backslashes are written correctly to the database-field 'diskfile'. BUT: Why do you rename the uploaded files on disk to names like 2bb562e5c4db46b7c45947002e5fa9b6? Can they not keep the original names like "my wonderfull excel-sheet.xls"? |
|
The obfuscated file names are part of our security measures if the file upload directory are within the mantis root directory. In this case, they are accessible to anyone with a browser. Obfuscation helps with this and malicious file uploading. |
|
fixed by an earlier submission. |
|