Item14575: return 403, not 401 when trying a forbidden attachment

pencil
Priority: Urgent
Current State: Closed
Released In: n/a
Target Release:
Applies To: Extension
Component: XSendFileContrib
Branches: master
Reported By: MichaelDaum
Waiting For:
Last Change By: MichaelDaum
-- MichaelDaum - 11 Dec 2017

Found a couple of little buglet here while testing your fix.
  • The label= on the new Config.spec is wrong.
  • Wrong encoding for the error response.

I have a test topic that I've been using. Just made up random unicode characters.
  • Litterbox/AśčÁŠŤśěžCopy/TestTöpic.txt
It gets it right when the file has access rights. However the 401 message returns utf-8 characters in the headers without declaring the encoding. This patch fixes it.
diff --git a/lib/Foswiki/Contrib/XSendFileContrib.pm b/lib/Foswiki/Contrib/XSendFileContrib.pm
index f280b95..7f8323e 100644
--- a/lib/Foswiki/Contrib/XSendFileContrib.pm
+++ b/lib/Foswiki/Contrib/XSendFileContrib.pm
@@ -176,6 +176,7 @@ sub xsendfile {
     if ($Foswiki::cfg{XSendFileContrib}{RedirectToLoginOnAccessDenied}) {
       throw Foswiki::AccessControlException("VIEW", $session->{user}, $web, $topic, "access denied");
     } else {
+      $response->header( -type => 'text/plain; charset=utf-8');
       $response->status(403);
       $response->print("403 - access denied\n");
     }

-- GeorgeClark - 11 Dec 2017

Thanks for the fix! Added it to the latest release.

-- MichaelDaum - 12 Dec 2017
 
Topic revision: r3 - 12 Dec 2017, MichaelDaum
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy