Closed
Bug 59408
Opened 24 years ago
Closed 24 years ago
Full path name of uploaded file not sent
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
VERIFIED
WONTFIX
mozilla0.9
People
(Reporter: bugzilla, Assigned: pollmann)
References
()
Details
Attachments
(1 file)
|
2.07 KB,
patch
|
Details | Diff | Splinter Review |
If you go to:
http://gemal.dk/browserspy/upload.html
and upload a file fx called c:\temp\adr.ldif
you'll get the following info with Mozilla:
Content-Disposition = form-data; name="upload"; filename="adr.ldif"
But with both Netscape and IE you get the full path to the file:
Content-Disposition = form-data; name="upload"; filename="C:\Temp\adr.ldif"
I'm not 100% sure if it's a bug or not...
|
Assignee | |
Comment 2•24 years ago
|
||
Verified that this still exists, and setting a milestone - should be a trivial fix!
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9
|
||
Updated•24 years ago
|
Target Milestone: mozilla0.9 → Future
|
|
Assignee | |
Comment 3•24 years ago
|
||
|
|
Assignee | |
Comment 4•24 years ago
|
||
Will aim for 0.9 since this is a Low Risk(tm). :)
Whiteboard: fix in hand
Target Milestone: Future → mozilla0.9
|
||
Comment 5•24 years ago
|
||
It looks good, r=rods
|
|
Assignee | |
Comment 6•24 years ago
|
||
Fix checked in. To verify, go the the URL above:
http://gemal.dk/browserspy/upload.html
Click on the Browse... button, and select a file to upload. Make a note of the
full path that is present in the text field, then click the Upload file... button.
On the next page, the Filename listed should be the full path to the file,
exactly the text you noted before. Thanks!
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
|
||
Comment 7•24 years ago
|
||
Shouldn't that patch have been reviewed by mstoltz before it was checked in?
|
|
Assignee | |
Comment 9•24 years ago
|
||
Due to the fact that this behaviour was not causing any problems on real world
sites, and it *could* be a security concern to send the full path, I'll be
backing out this change. Thanks Jesse for pointing out the security concern.
As a second reason, the patch above in fact *was* breaking sites because
previous versions of Netscape on Linux would not send the full path so some
server-side scripts could not deal with the absolute path. (See bug 83065 for
more information).
Reopening and marking WONTFIX. This will be backed out in the fix for bug 44464.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 10•24 years ago
|
||
wontfix
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → WONTFIX
|
||
Comment 12•24 years ago
|
||
*** Bug 94536 has been marked as a duplicate of this bug. ***
|
|
||
Comment 13•22 years ago
|
||
*** Bug 183178 has been marked as a duplicate of this bug. ***
|
|
||
Comment 14•22 years ago
|
||
*** Bug 147684 has been marked as a duplicate of this bug. ***
|
|
||
Comment 15•21 years ago
|
||
*** Bug 231292 has been marked as a duplicate of this bug. ***
|
||
Comment 16•21 years ago
|
||
*** Bug 213077 has been marked as a duplicate of this bug. ***
|
|
||
Comment 17•20 years ago
|
||
*** Bug 270429 has been marked as a duplicate of this bug. ***
|
||
Updated•20 years ago
|
Summary: Full path name of uploaded file not send → Full path name of uploaded file not sent
Whiteboard: fix in hand
|
||
Updated•6 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•