[ http://jira.magnolia.info/browse/MAGNOLIA-1564?page=comments#action_14169 ] Amir Mistric commented on MAGNOLIA-1564: ----------------------------------------
This may or may not be related but another interesting detail regarding images uploaded via fckEditor: regardless of the image extension and/or name in the URL the image always displays... For example: upload "someimage.jpg" on page1 paragraph 00..... direct URL is: http://server.company.org/magnoliaPublic/www/page1/center-column/00/content_files/file/someimage.jpg but all of these also work: http://server.company.org/magnoliaPublic/www/page1/center-column/00/content_files/file/s http://server.company.org/magnoliaPublic/www/page1/center-column/00/content_files/file/someimage http://server.company.org/magnoliaPublic/www/page1/center-column/00/content_files/file/someimagejpg http://server.company.org/magnoliaPublic/www/page1/center-column/00/content_files/file/some-image-jpg http://server.company.org/magnoliaPublic/www/page1/center-column/00/content_files/file/Whatever_I_want_to_put_in_here If this is desired behaviour then so be it but imagine some reputable public website with a person's picture (lastname-firstname.jpg) and some malicious user sending links with profane language as a last part of the url.... The could put in whatever they want and the picture would still show.... To an ordinary end user it would appear as if the company is hosting a valid image with an obscene name! Not good... > Accessing a page without proper extension should return 404 error > ----------------------------------------------------------------- > > Key: MAGNOLIA-1564 > URL: http://jira.magnolia.info/browse/MAGNOLIA-1564 > Project: Magnolia > Issue Type: Improvement > Environment: 3.1-SNAPSHOT > JBoss 4.0.5GA > Reporter: Amir Mistric > Assigned To: Boris Kraft > Priority: Minor > > Since there was some discussion on the dev list regarding this (see > http://webmail.magnolia.info/Lists/dev-list/Message/10155.html) I thought it > would be prudent to report it. > Problem: > Accessing a page without proper extension does not return a 404 - Page not > found error > http://server.company.org/magnoliaPublic/www/doesnotexist/page1.html > (404 - not found) > http://server.company.org/magnoliaPublic/www/page1 > (found !) > http://server.company.org/magnoliaPublic/www/page1.doesnotexist > (found !) > http://server.company.org/magnoliaPublic/www/page1.whatever > (found !) > The behaviour should be consistent and only cetrain extensions should be > valid (perhaps default server extension and defined subtemplates,,,,) > As you can see in the list thread this may not be easy to accomplish... -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.magnolia.info/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira ---------------------------------------------------------------- for list details see http://www.magnolia.info/en/developer.html ----------------------------------------------------------------
