Closed Bug 273116 Opened 20 years ago Closed 20 years ago

When saving page, local filename is sent to server.

Categories

(Core Graveyard :: File Handling, defect)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 249508

People

(Reporter: peter_jonson, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a6) Gecko/20041203 When using 'Save page as', the local filename chosen by the user (or the default one) is sent to the server. It does this by constructing URLs based on all the images in the page, but including '<local filename>_files' in the url. This usually generates a 404 error, but the page and images save OK. Reproducible: Always Steps to Reproduce: 1.Go to http://www.google.com/ 2.(Trace network activity, eg with ethereal) 3.Select 'Save Page As' from the context menu, and choose a distintive file name Actual Results: GET http://www.google.com/my_private_filename_where_i_type_lots_of_private_info_files/logo.gif HTTP/1.1 Expected Results: Save from cache, without sending strange requests. Also in mozilla 1.7.3 and firefox 1.0. Because the saved html is hardcoded to refer to '<local filename>_files' on the local filesystem it is not convenient to rename it, so the user may type a long filename to start with. This may contain several pieces of private information. eg an account number, or how much you think a competitor may bid for a contract, after reading their page, which you are now saving. A website might encourage the saving of a certain page, perhaps suggesting a format for the filename. They could then have this information stored against the identity of each user. If a page includes images from another server, perhaps as part of a secure transaction, and that server redirects the image request, then the new name of the image may be sent to the original server when the page is saved.
Blocks: sbb?
Assignee: general → file-handling
Component: General → File Handling
Product: Mozilla Application Suite → Core
QA Contact: general → ian
Version: unspecified → Trunk
duplicate of a non-security bug... should we remove the flag here? peter_jonson@fastmail.fm: are you using a proxy? *** This bug has been marked as a duplicate of 249508 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
I want to open it to public view, but the tick box is greyed out, so I can't. The bug is consistently reproducible without a proxy.
Blocks: sbb-
No longer blocks: sbb?
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.