> On 14 Apr 2016, at 18:54, Vincent Massol <[email protected]> wrote:
>
>>
>> On 14 Apr 2016, at 18:46, Vincent Massol <[email protected]> wrote:
>>
>>>
>>> On 14 Apr 2016, at 17:55, Thomas Mortagne <[email protected]> wrote:
>>>
>>> On Thu, Apr 14, 2016 at 4:52 PM, Marius Dumitru Florea
>>> <[email protected]> wrote:
>>>> On Thu, Apr 14, 2016 at 5:43 PM, Vincent Massol <[email protected]> wrote:
>>>>
>>>>> Hi devs,
>>>>>
>>>>> I’m implementing http://jira.xwiki.org/browse/XWIKI-10375 ("Refactor the
>>>>> temporary resource concept inside the Resource module”) and I need to
>>>>> define a URL format for the new “tmp” resource type.
>>>>>
>>>>> I’m proposing the following:
>>>>>
>>>>>
>>>>
>>>>> http://<server>/<context>/tmp/<module id>/<serialized owner document
>>>>> reference>/<module-dependent resource path>
>>>>>
>>>>
>>>> Serialized document reference uses backslash to escape special characters
>>>> which breaks the URL in Tomcat for security reasons.
>>>
>>> Badly configured Tomcat does not like slash but are you sure about
>>> backslash ?
>>
>> Yes, it’s both.
>
> FTR http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security
Regarding Tomcat, I think we could have the URLRewriteFilter enabled by default
(something I’ve been wanting to do for a long-time anyway) that would handle
the “%2F“ and “%5C” characters in URLs:
* For incoming URLs rewrite some character found in the URL (for example
“%{2F}”) into “%2F” (same similar for %5C)
* For outgoing URLs, rewrite them to replace “%2F” and “%5C” into some other
characters (for example into “%{2F}” and “%{5C}”)
That should solve all issues for Tomcat.
WDYT?
Thanks
-Vincent
> -Vincent
>
>>
>> Thanks
>> -Vincent
>>
>>>
>>>>> This is based on the existing TemporaryResourceReference at:
>>>>>
>>>>> https://github.com/xwiki/xwiki-platform/blob/96caad053c14fc5546e9bc141bc284e6112dd48e/xwiki-platform-core/xwiki-platform-resource/xwiki-platform-resource-default/src/main/java/org/xwiki/resource/temporary/TemporaryResourceReference.java#L33-L33
>>>>>
>>>>> For example:
>>>>>
>>>>> http://
>>>>> <server>/<context>/tmp/officeviewer/A.B.WebHome/Q29tcGFueSBQcmVzZW50YXRpb24ucHB0/Company+Presentation-slide0.jpg
>>>>>
>>>>> Note that in this example from the officeviewer macro the module-dependent
>>>>> resource path consists in:
>>>>>
>>>>
>>>>
>>>>> - base64(name of office attachment + hashcode(parameters))
>>>>>
>>>>
>>>> See http://jira.xwiki.org/browse/XWIKI-11528 for the rationale behind it. I
>>>> was trying to avoid backslash (from the serialized attachment reference) in
>>>> the URL.
>>>>
>>>>
>>>>> - generated image name from PPT
>>>>>
>>>>> In this case, the implementation would generate the following file:
>>>>>
>>>>>
>>>>> [TMPDIR]/officeviewer/A/B/WebHome/Q29tcGFueSBQcmVzZW50YXRpb24ucHB0/Company+Presentation-slide0.jpg
>>>>>
>>>>> WDYT?
>>>>>
>>>>> Thanks
>>>>> -Vincent
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
