Security issue allowing to download files of the server running trac

[Daniel Werner]

By entering any path and a corresponding file after any of the html files generated by Doxygen in the following url:

http://tracServer/projects/oneProject/doxygen/html/index.html?path=%2fpath%2fto%2fa%2ffile

it allows to download this specified file which is a big security issue.

[cboos]

Already reported in #951, yes I know, I'm really lousy with that one :(

A patch would help...

[cboos]

Please check r1983.

[Daniel Werner <dan ... moesbar ... net>]

Replying to cboos:

Please check r1983.

I tried this patch but it did not resolve the problem :-(

[cboos]

Are you sure you cleared the web browser cache?

Try with another file (never downloaded so far), just to be sure.

[Daniel Werner <dan ... moesbar ... net>]

arghl!.. can't test it right now!
We will have to wait Monday ! :)

[Blackhex]

I tryied that right now and it seems to be fixed :-).

[Daniel Werner <dwarf007 ... moesbar ... net>]

Replying to cboos:

Are you sure you cleared the web browser cache?

Try with another file (never downloaded so far), just to be sure.

Actually it did not solve the problem on my installation.
I tried with a never downloaded file and I still could download it..
Dunno why!?

[Daniel Werner <dwarf007 ... moesbar ... net>]

Replying to Daniel Werner <dwarf007 ... moesbar ... net>:

Actually it did not solve the problem on my installation.
I tried with a never downloaded file and I still could download it..
Dunno why!?

sorry... I reinstalled it properly from the svn repository and it worked.
Must have done something wrong the last time.