| Summary: | [Webapp][Security] More vulnerabilities based on the topic parameter | | |
|---|---|---|---|
| Product: | [Eclipse Project] Platform | Reporter: | Chris Goldthorpe <cgold> |
| Component: | User Assistance | Assignee: | Chris Goldthorpe <cgold> |
| Status: | RESOLVED INVALID | QA Contact: | |
| Severity: | normal | | |
| Priority: | P3 | CC: | benysh, kleind, mukund, rahulk, raji, tcornell |
| Version: | 3.4 | Keywords: | security |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | Windows XP | | |
| Whiteboard: | | | |
| Bug Depends on: | 320547, 320548 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Chris Goldthorpe
2010-07-20 13:33:40 EDT
These are the URLs which are causing problems:

http://localhost:1258/help/topic/file:/c:/

http://localhost:59449/help/topic/com.ibm.collaboration.realtime.help/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini

Created attachment 174800
Patch for paths containing ..\

There are two separate issues; one is that on Windows ..\ can be passed into the URL and is eventually interpreted as part of a path in the file system. This patch fixes that problem.

There were two distinct and different problems described in this bug report. I have created two new bugs - Bug 320547 and Bug 320548 to track these. I am closing this bug and leaving the security flag on.

Removing security restriction for bugs that have been fixed in 3.6.2 or earlier.
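
The following is an added example, not code from the Eclipse patch or from this report: a Python sketch of a topic-path check that treats `\` as a path separator the way Windows does, applied to the topic parts of the two URLs in the description. `HELP_ROOT`, `naive_resolve` and `resolve_topic` are hypothetical names, the "before" function is constructed for contrast, and `ntpath` is used so that Windows path rules apply on any OS.

```python
import ntpath                      # Windows path rules, usable on any OS
from urllib.parse import unquote

HELP_ROOT = r"C:\help\plugins"     # hypothetical content root (assumption)

# Topic parts of the two URLs in the description (text after /help/topic/).
FILE_URL = "file:/c:/"
TRAVERSAL = ("com.ibm.collaboration.realtime.help/"
             "..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini")

def naive_resolve(raw, root=HELP_ROOT):
    """Constructed 'before' case: only '/'-separated segments are checked."""
    path = unquote(raw)
    if ".." in path.split("/"):
        return None
    # '..\..\boot.ini' was a single URL segment, but Windows splits it on '\'.
    return ntpath.normpath(ntpath.join(root, path))

def resolve_topic(raw, root=HELP_ROOT):
    """Return the file path for a topic, or None if the topic is rejected."""
    path = unquote(raw)
    # No NUL, no scheme or drive letter (':'), no leftover escapes ('%')
    # that a later second decode could turn into separators.
    if any(c in path for c in "\x00:%"):
        return None
    # Treat both separators alike before looking at the segments.
    segments = path.replace("\\", "/").split("/")
    if any(s in ("", ".", "..") for s in segments):
        return None
    root = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    # Final containment check on the normalized result.
    if ntpath.commonpath([root, candidate]) != root:
        return None
    return candidate

if __name__ == "__main__":
    for topic in (FILE_URL, TRAVERSAL, "com.example.help/topics/intro.html"):
        print(topic, "->", naive_resolve(topic), "|", resolve_topic(topic))
```
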