[Tracker-discuss] [issue505] Abuse Message
Izak Burger
metatracker at psf.upfronthosting.co.za
Wed Jan 23 12:32:53 CET 2013
Izak Burger added the comment:
Hi again,
I noted that the detector that is deployed on the main tracker, for
ensuring that text/html content types are not allowed, was not on the
meta tracker. I've copied it there.
I don't think this is enough though. Consider for a second this
command, just to illustrate:
    (wget -q -S -O- \
      http://psf.upfronthosting.co.za/roundup/meta/file291/doc7.html \
      3>&1 1>&2- 2>&3- ) 2> /dev/null | grep Content-Type
It looks terrible but I just swapped stdout and stderr so I can grep
through the headers.
It appears that once roundup finds the document it is looking for, the
rest of the traversal string is ignored, except that it causes the
Content-Type header to be set to "html". This is not a valid content
type, and will cause some versions of IE to default to html, and some
other browsers to look at the extension (html), so this will be
rendered as html in almost all browsers.
The fix might be as simple as using "text/plain" instead of "html",
wherever this default happens to be.
regards,
Izak
----------
status: unread -> chatting
_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue505>
_______________________________________________________
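An added example, not part of the original message and not Roundup's own code: a sketch of the check and fallback discussed above, which reads the Content-Type from captured `wget -S` headers, rejects values that are not a valid `type/subtype` (such as the bare "html"), and falls back to "text/plain". The function names, the list of active types, the sample headers and the extra `X-Content-Type-Options: nosniff` header are assumptions made for illustration.

```python
import re

# RFC 6838 restricted-name grammar, applied to both type and subtype.
_NAME = r"[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]*"
_MEDIA_TYPE = re.compile(rf"^{_NAME}/{_NAME}$")

# Types a browser renders as active content (assumed list for this example).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
FALLBACK = "text/plain"

# Constructed sample of `wget -S` header output, not captured from the tracker.
SAMPLE_HEADERS = """\
  HTTP/1.1 200 OK
  Content-Type: html
  Content-Length: 1234
"""


def declared_content_type(raw_headers):
    """Return the Content-Type value from a raw header block, or None."""
    for line in raw_headers.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and name.strip().lower() == "content-type":
            return value.strip()
    return None


def is_valid_media_type(value):
    """True only for a syntactically valid type/subtype, parameters ignored."""
    essence = (value or "").split(";", 1)[0].strip()
    return bool(_MEDIA_TYPE.match(essence))


def safe_content_type(declared):
    """Pick the Content-Type to send for an uploaded file."""
    if not is_valid_media_type(declared):
        return FALLBACK  # covers None, "" and the bare "html"
    essence = declared.split(";", 1)[0].strip().lower()
    if essence in ACTIVE_TYPES:
        return FALLBACK  # never serve uploads as renderable markup
    return essence


def attachment_headers(declared):
    """Response headers for an attachment; nosniff asks browsers not to guess."""
    return [
        ("Content-Type", safe_content_type(declared)),
        ("X-Content-Type-Options", "nosniff"),
    ]
```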