Unregistered users cannot download multiple files (package) on Tomcat #53

Closed
mflorea opened this issue Feb 2, 2022 · 0 comments
mflorea commented Feb 2, 2022

The server returns a 400 Bad Request for the download URL. The download URLs look like this:

```
// Registered user
http://localhost:8080/xwiki/bin/get/FileManager/Download-Admin-NAhd (302 Redirect)
http://localhost:8080/xwiki/tmp/filemanager/document%3Axwiki%3AFileManager.Download-Admin-NAhd/NAhd.zip

// Unregistered user
http://localhost:8080/xwiki/bin/get/FileManager/Download-%24%7Bxcontext.userReference.name%7D-gkub (302 Redirect)
http://localhost:8080/xwiki/tmp/filemanager/document%3Axwiki%3AFileManager.Download-%24%7Bxcontext%21.userReference%21.name%7D-gkub/gkub.zip
```

Notice the `$xcontext.userReference.name` in the download URL for unregistered users. The reason is that the guest user reference is null. Tomcat doesn't like the encoded $ character. It works fine with Jetty though. Note that the URL is properly URL-encoded, but Tomcat protects itself from some security issues and doesn't allow such a URL.

We can use Velocity's silent notation to prevent this problem.
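A regression check for this class of bug, as an added example that is not part of the original issue or the project's code: it percent-decodes each generated URL and reports any Velocity reference that reached the output unrendered. The function names and the pattern are assumptions made for illustration; the sample URLs are the four quoted in the issue.

```python
import re
from urllib.parse import unquote, urlsplit

# Velocity references that survived rendering (assumed pattern, not XWiki's):
#   formal notation    ${a.b} or $!{a.b}
#   shorthand notation $a.b   or $!a.b  (a property access is required,
#   so a bare "$" followed by one word is not flagged)
UNRENDERED = re.compile(
    r"\$!?\{[^{}/]+\}"
    r"|\$!?[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)+"
)

# The download URLs quoted in the issue (registered user, then guest).
ISSUE_URLS = [
    "http://localhost:8080/xwiki/bin/get/FileManager/Download-Admin-NAhd",
    "http://localhost:8080/xwiki/tmp/filemanager/"
    "document%3Axwiki%3AFileManager.Download-Admin-NAhd/NAhd.zip",
    "http://localhost:8080/xwiki/bin/get/FileManager/"
    "Download-%24%7Bxcontext.userReference.name%7D-gkub",
    "http://localhost:8080/xwiki/tmp/filemanager/"
    "document%3Axwiki%3AFileManager.Download-"
    "%24%7Bxcontext%21.userReference%21.name%7D-gkub/gkub.zip",
]


def unrendered_references(url):
    """Return the template references found in the decoded path and query."""
    parts = urlsplit(url)
    decoded = unquote(parts.path) + "?" + unquote(parts.query)
    return UNRENDERED.findall(decoded)


def audit(urls):
    """Map each offending URL to the references it leaks; clean URLs are omitted."""
    findings = {}
    for url in urls:
        refs = unrendered_references(url)
        if refs:
            findings[url] = refs
    return findings


if __name__ == "__main__":
    for url, refs in audit(ISSUE_URLS).items():
        print("unrendered reference", refs, "in", url)
```

Run against redirect targets produced for a guest session, a check like this fails on any servlet container, including one that would otherwise accept the URL.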
