ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50379] get task does not last part of url when redirected
Date Wed, 01 Dec 2010 22:09:15 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50379

--- Comment #3 from J.M. (Martijn) Kruithof <jkf@apache.org> 2010-12-01 17:09:12 EST
---
Hi Michael

If you have explicitly specified the URL this risk does not exist, as the user
has specified the URL, and therefore knows (or at least could know) what file
name will be used. If you have built up the collection of URL's by crawling a
remote site, yes you better verify them before using them this way.
The following example

<get dest="downloads">
  <url url="http://ant.apache.org/index.html"/> 
  <url url="http://ant.apache.org/faq.html"/>
</get>

will always store the files as downloads/index.html and downloads/faq.html,
even if we decided to move those files and retrieve them using a redirect with
an url like for instance http://ant.apach.org/manual?page=index and
http://ant.apache.org/manual?page=faq

If we would manipulate the name according to the redirect both files would be
stored as downloads/manual

So yes without redirection the risk exists if a user builds up an collection of
URL's by for instance crawling a remote site, but not in case the user
explicitly stated the resources (s)he wanted to retrieve. Starting to rename
the download would expose these users to this risk, to which they are currently
not exposed (and would break builds if someone redirects in a way unexected to
the script).

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Mime
View raw message