Item14575: return 403, not 401 when trying a forbidden attachment
Priority: Urgent
Current State: Closed
Released In: n/a
Target Release:
--
MichaelDaum - 11 Dec 2017
Found a couple of little buglet here while testing your fix.
- The label= on the new Config.spec is wrong.
- Wrong encoding for the error response.
I have a test topic that I've been using. Just made up random unicode characters.
-
Litterbox/AśčÁŠŤśěžCopy/TestTöpic.txt
It gets it right when the file has access rights. However the 401 message returns utf-8 characters in the headers without declaring the encoding. This patch fixes it.
diff --git a/lib/Foswiki/Contrib/XSendFileContrib.pm b/lib/Foswiki/Contrib/XSendFileContrib.pm
index f280b95..7f8323e 100644
--- a/lib/Foswiki/Contrib/XSendFileContrib.pm
+++ b/lib/Foswiki/Contrib/XSendFileContrib.pm
@@ -176,6 +176,7 @@ sub xsendfile {
if ($Foswiki::cfg{XSendFileContrib}{RedirectToLoginOnAccessDenied}) {
throw Foswiki::AccessControlException("VIEW", $session->{user}, $web, $topic, "access denied");
} else {
+ $response->header( -type => 'text/plain; charset=utf-8');
$response->status(403);
$response->print("403 - access denied\n");
}
--
GeorgeClark - 11 Dec 2017
Thanks for the fix! Added it to the latest release.
--
MichaelDaum - 12 Dec 2017