This issue has been created
There is 1 update.
 
 
XWiki Platform / cid:jira-generated-image-avatar-dc0310e8-e014-44a0-b235-25c88b794b80 XWIKI-22422 Open

XWiki shouldn't allow passing URLs with %25 in it
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-3282e3dd-1d9c-45a2-a45f-7f5a6d279e9a Vincent Massol created this issue on 14/Aug/24 16:35
 
Summary: XWiki shouldn't allow passing URLs with %25 in it
Issue Type: cid:jira-generated-image-avatar-dc0310e8-e014-44a0-b235-25c88b794b80 Bug
Affects Versions: 15.10
Assignee: Unassigned
Created: 14/Aug/24 16:35
Priority: cid:jira-generated-image-static-major-caa69906-bbe0-4639-b8eb-409cf435db92 Major
Reporter: Vincent Massol
Description:

See https://github.com/jetty/jetty.project/issues/12162

What it means:

  • Disallowing %25 in page names and attachment names, using a default page naming strategy
  • Check if we have jobs using % in their ids and if so change their ids. Document a best practice to not use % in job id names.
  • Anything else?
 
 

1 update

 
cid:jira-generated-image-avatar-3282e3dd-1d9c-45a2-a45f-7f5a6d279e9a Changes by Vincent Massol on 14/Aug/24 16:44
 
Description: See https://github.com/jetty/jetty.project/issues/12162

 In short it goes against the Servlet spec.

 What it means:
* Disallowing %25 in page names and attachment names, using a default page naming strategy
* Check if we have jobs using % in their ids and if so change their ids. Document a best practice to not use % in job id names.
* Anything else?
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.