Developer forum

Forum » Feature requests » Make download handler return 404 on invalid file name

Make download handler return 404 on invalid file name

E-mail notifications
Morten Bengtson
Reply
Posted on 14/02/2012 15:56:06
Hi,

One of our customers has a site where a lot of exceptions are thrown by the download handlers - /Admin/Public/Download.aspx and /Admin/Public/DWSDownload.aspx

The reason is that an invalid File parameter is used, e.g.  /Admin/Public/Download.aspx?File=..
This will make Server.MapPath throw up.

The problem was initially caused by errors in templates used for the file publishing module. The errors has now been corrected, but various crawlers still try to access many of those files.

I implemented a workaround in Global.asax, so that a 404 is returned on invalid file names, but it would be nice if this was handled by Dynamicweb :)

BR
Morten

Replies

 
Nicolai Høeg Pedersen
Posted on 15/02/2012 09:14:40
Reply
Hi Morten

Of course. Will have it registered as a bug and have it fixed.

BR Nicolai

 
Merethe Nielsen
Posted on 20/02/2012 10:50:44
Reply

Hi Morten

What version, pipeline mode are you running?

I can't reproduce this on my 8.0/7.2 test sites. I get a 404 as expected.

  1. I created a page with a paragraph
  2. In the editor I created a link to a file in the Files folder (frontend link is http://www.xxx.dk/Admin/Public/DWSDownload.aspx?File=%2fFiles%2fFiles%2fDynamicweb_eCommerce.pdf)
  3. Deleted the file in the Files folder.
  4. In frontend I now get a 404 page when I click the link
     
Can you provide some steps for reproduce?

Kind regards,
Merethe

 
Morten Bengtson
Posted on 20/02/2012 14:46:45
Reply
I think you misunderstood my description. The handler does return a 404 for non-existing files... but only if the path is valid.
If the path is not valid, an exception is thrown, like here: http://www.dynamicweb-cms.com/admin/public/dwsdownload.aspx?File=......
 
Merethe Nielsen
Posted on 20/02/2012 20:49:13
Reply

Bugged as 8048.

 
Sten Hougaard
Posted on 07/10/2014 16:24:42
Reply

I was wondering, will the  Admin/Public/Download.aspx allow for download of files which

  • are placed under "/files/templates"
  • have extensions like ".cshtml"

Or is that not allowed?


Med venlig hilsen/Best regards,

Sten Hougaard
Webudvikler

E: sho@1stweb.dk
M: 29850818
A: København/Aarhus . W: www.1stweb.dk
@: netsi1964