
Severity: Major
Fixed in Change#: 43,572
Runtime: N/A

The forms hide the button, but not the handler.
The fix is to change the "save as" case (in BOTH COPIES of source.jsp) to something like the following:

    } else if (formAction != null && formAction.startsWith(saveAsLabel)) {
        // Serve the download only to requests arriving from the local machine.
        if (request.getRemoteAddr().equals("127.0.0.1")) {
            response.addHeader("Content-Type", "application/octet-stream");
            // saveasfile is a client-supplied request parameter.
            response.addHeader("Content-Disposition", "attachment; filename=\"" +
                    request.getParameter("saveasfile") + "\"");
            out.write(sourceCode);
        } else {
            // Don't bother with an error. We should only get here
            // if someone is spoofing us.
        }
        return;
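
A hardened form of the two checks in the fix above, as an added example that is not from the original ticket or the project: `SaveAsGuard`, its method names and the `source.txt` fallback are assumptions. It accepts the IPv6 loopback spellings as well as 127.0.0.0/8, and reduces `saveasfile` to a bare file name before it goes into the `Content-Disposition` header.

```java
import java.util.regex.Pattern;

// Added illustration, not the project's code. SaveAsGuard and its methods are hypothetical names.
public final class SaveAsGuard {
    private static final Pattern IPV4_LOOPBACK =
            Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
    private static final String DEFAULT_NAME = "source.txt"; // assumed fallback name

    private SaveAsGuard() {}

    // remoteAddr is the string returned by request.getRemoteAddr().
    // Accepts 127.0.0.0/8 and both spellings of the IPv6 loopback address.
    public static boolean isLoopback(String remoteAddr) {
        if (remoteAddr == null) {
            return false;
        }
        return IPV4_LOOPBACK.matcher(remoteAddr).matches()
                || remoteAddr.equals("::1")
                || remoteAddr.equals("0:0:0:0:0:0:0:1");
    }

    // Reduce the client-supplied "saveasfile" value to a bare file name that
    // cannot break out of the quoted Content-Disposition value.
    public static String safeFilename(String requested) {
        if (requested == null) {
            return DEFAULT_NAME;
        }
        int cut = Math.max(requested.lastIndexOf('/'), requested.lastIndexOf('\\'));
        String name = requested.substring(cut + 1).replaceAll("[^A-Za-z0-9._-]", "_");
        if (name.length() > 64) {
            name = name.substring(0, 64);
        }
        boolean dotsOnly = name.chars().allMatch(c -> c == '.');
        return (name.isEmpty() || dotsOnly) ? DEFAULT_NAME : name;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the ticket.
        String[] addrs = {"127.0.0.1", "0:0:0:0:0:0:0:1", "10.0.0.7", "127.0.0.1.example"};
        for (String a : addrs) {
            System.out.println(a + " -> " + isLoopback(a));
        }
        String[] names = {"Hello.java", "dir/sub\\Hello.java", "a\"b\r\nc.txt", "..", null};
        for (String n : names) {
            System.out.println(safeFilename(n));
        }
    }
}
```

In the JSP the branch would call `SaveAsGuard.isLoopback(request.getRemoteAddr())` and `SaveAsGuard.safeFilename(request.getParameter("saveasfile"))`. If the application is served through a reverse proxy on the same host, `getRemoteAddr()` returns the proxy's loopback address for every client, so the address check alone no longer restricts access.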