[opencms-dev] How could I prevent a malicious user from exporting plain type JSP file to FS?
shiys at langhua.cn
Sun Nov 21 17:11:33 CET 2004
Hi list,
One of my users wrote a file named index1.jsp in plain type, set export=true and gave it an export name. After publishing, the file was output to the file system without any substitution. Then he ran the file from his explorer. I think it's terrible.
I'm going to delete the export property from almost every type in OpenCMS. Is there a better way to countercheck this venomous behavior?
OpenCMS version: 5.0.1
TIA,
Shi Yusen/Langhua