> On 14 Apr 2016, at 16:52, Marius Dumitru Florea > <[email protected]> wrote: > > On Thu, Apr 14, 2016 at 5:43 PM, Vincent Massol <[email protected]> wrote: > >> Hi devs, >> >> I’m implementing http://jira.xwiki.org/browse/XWIKI-10375 ("Refactor the >> temporary resource concept inside the Resource module”) and I need to >> define a URL format for the new “tmp” resource type. >> >> I’m proposing the following: >> >> > >> http://<server>/<context>/tmp/<module id>/<serialized owner document >> reference>/<module-dependent resource path> >> > > Serialized document reference uses backslash to escape special characters > which breaks the URL in Tomcat for security reasons.
Yes but the same is true whether you have “A\.B.C” or "/A\.B/C”. That’s not a blocking issue anyway since we can easily transform them into other characters when we serialized and do the opposite when we parse the URL. > This is based on the existing TemporaryResourceReference at: >> >> https://github.com/xwiki/xwiki-platform/blob/96caad053c14fc5546e9bc141bc284e6112dd48e/xwiki-platform-core/xwiki-platform-resource/xwiki-platform-resource-default/src/main/java/org/xwiki/resource/temporary/TemporaryResourceReference.java#L33-L33 >> >> For example: >> >> http:// >> <server>/<context>/tmp/officeviewer/A.B.WebHome/Q29tcGFueSBQcmVzZW50YXRpb24ucHB0/Company+Presentation-slide0.jpg >> >> Note that in this example from the officeviewer macro the module-dependent >> resource path consists in: >> > > >> - base64(name of office attachment + hashcode(parameters)) >> > > See http://jira.xwiki.org/browse/XWIKI-11528 for the rationale behind it. I > was trying to avoid backslash (from the serialized attachment reference) in > the URL. Yes. However the image name “Company Presentation-slide0” could also contain slash or backlashes too. Note that I wasn’t sure why you you didn’t compute the base64 of both the name of attachment + the parameters instead of having 2 directory levels consisting in the base64 of the attachment name + the hashcode of the parameters as different path segments. Need to check XWIKI-11528, maybe it’s there. IMO we need to treat all path segments in the same way and convert slash and backslash into some other characters. I’m not sure we need the base64 solution. But anyway this is an implementation detail of the officeviewer module and not really related to the discussion of the generic Temporary URL format. Thanks -Vincent > - generated image name from PPT >> >> In this case, the implementation would generate the following file: >> >> >> [TMPDIR]/officeviewer/A/B/WebHome/Q29tcGFueSBQcmVzZW50YXRpb24ucHB0/Company+Presentation-slide0.jpg >> >> WDYT? >> >> Thanks >> -Vincent _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
