Note: not sure if this will happen, but passing the file name as a request, you may want to make sure that it doesn't contain a sequence of '../' such that the user is walking up your tree to get at some other resource outside 'download'. I'm not sure if the resolver prevents this automatically or not.
Per > -----Original Message----- > From: Matthew Hailstone [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 20, 2002 11:21 AM > To: [EMAIL PROTECTED] > Subject: RE: Download Server - directory access denied > > > I see. So the <map:parameter> element, notwithstanding it is inside the > <map:act type="resource-exists"> element, is actually still inside the > <map:act type="request"> element's scope. From your comment, I suppose I > should have known this because it follows the XSLT specification. > > Thanks again! That is very helpful to know. > > Matthew > > > > > > > <!-- Download Server --> > > > <map:pipeline> > > > <map:match pattern="download"> > > > > > > > 1> Entered match scope > > > > > <map:act type="request"> > > > <map:parameter name="parameters" value="true"/> > > > > > > > 2> Entered act "request" scope > > > > > <map:act type="resource-exists"> > > >------------------- section of change > > ------------------------------- > > > <map:parameter name="url" value="download/{file}"/> > > > > > > > 3> Entered act "resource-exists" scope > > > > > <map:read src="download/{../file}"/> > > >------------------- section of change > > ------------------------------- > > > > > > > 3> About to exit act "resource-exists" scope > > > > > </map:act> > > > > > > > 2> Again at act "request" scope > > > > > <map:generate src="filenotfound.xml"/> > > > <map:transform src="filenotfound2html.xsl"/> > > > <map:serialize/> > > > > > > > 2> About to exit act "request" scope > > > > > </map:act> > > > > > > > 1> About to exit match scope > > > > > </map:match> > > > </map:pipeline> > > > > > See at scopes of variables. Parameters are not separate entities but > > belong to the parent tag (same as in XSLT). > > > > Vadim > > > > > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> > > --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
