Skip to content
This repository has been archived by the owner on Jul 24, 2021. It is now read-only.

Full local(!) path of a public file is shown on both user page and public traces page #205

Closed
openstreetmap-trac opened this issue Jul 23, 2021 · 3 comments
Closed

Full local(!) path of a public file is shown on both user page and public traces page #205

openstreetmap-trac opened this issue Jul 23, 2021 · 3 comments
Assignees
@openstreetmap-trac
Labels
Component: website Priority: major Resolution: duplicate Type: defect

Comments

@openstreetmap-trac
Copy link

Reporter: miki
[Submitted to the original trac issue database at 11.26pm, Monday, 24th April 2006]

cut from my public user page after adding a file:

<local full path deleted>\apotek2.gpx ... (0 points) ... 0 hours ago PENDING
second part of apotek, torvegade, kongensgade, havnegade, englandsgade, borgergade, jyllandsgade, havnegade, strandbygade, skolegade, stormgade, nrregade, jernbanegade, nrrebrogade, strandbykirkevej, langelandsvej, stergade, jagtvej, storegade, wessel
by miki in: esbjerg denmark danmark

After adding a new public file it's full local path on my machine is shown on my public gps trace page (http://www.openstreetmap.org/traces/user/miki). This is probably only during the pending period as my other completed traces only show their file name.

I consider it a security issue as it could, as in my case, reveal local servername and network drive shares.

Mikkel
@openstreetmap-trac openstreetmap-trac self-assigned this Jul 23, 2021
@openstreetmap-trac openstreetmap-trac mentioned this issue Jul 23, 2021
Closed
@openstreetmap-trac
Copy link
Author

Author: miki
[Added to the original trac issue at 1.18pm, Tuesday, 25th April 2006]

Okay, my trace is not pending anymore, but still full path is shown. This must be the result of a really fresh change as it is also an issue on the Public GPS trace page (http://www.openstreetmap.org/traces) for the two most recent traces...

Mikkel

@openstreetmap-trac
Copy link
Author

Author: steve[at]fractalus.com
[Added to the original trac issue at 1.50pm, Tuesday, 25th April 2006]

I think this is a dupe of another bug... but anyway it's because you're using IE, I think. Try uploading in firefox as a stop gap solution.

@openstreetmap-trac
Copy link
Author

Author: miki
[Added to the original trac issue at 2.51pm, Tuesday, 25th April 2006]

oh, sorry, dupe of #66 ;)

Seems plausible, I've uploaded my other traces using Firefox and Konqueror, but unfortunately I'm stuck to IE at work.

A bit strange that only 8 of the 200 most recent traces was uploaded using IE, is this consistent with browser stats? Or maybe there are other prerequisites for this bug?

Where should I look to try to fix this? I would also like to hack at the editor applet at some point when I've become more familiar with this new playground :)

Mikkel

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@openstreetmap-trac openstreetmap-trac

Labels
Component: website Priority: major Resolution: duplicate Type: defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@openstreetmap-trac