Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 415195

Summary: Authorization of new file names and copy/move requests is insufficient
Product: [ECD] Orion Reporter: Simon Kaegi <simon_kaegi>
Component: ServerAssignee: Project Inbox <orion.server-inbox>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3    
Version: 4.0   
Target Milestone: 4.0 M1   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description Simon Kaegi CLA 2013-08-15 22:12:18 EDT 
Authorization is currently enforced at the URL level. This is insufficient for the creation of new files and folders and to authorize access to the source location in copy and move calls.
Comment 1 Simon Kaegi CLA 2013-08-15 22:35:16 EDT 
Bug 415195 - Authorization of new file names and copy/move requests is insufficient
Comment 2 Simon Kaegi CLA 2013-08-15 22:53:36 EDT 
A few changes.
1) All paths are now normalized before being sent to the authorization service
2) New files are created only if their normalized name is the same as the slug
3) source locations for move are authorized against a POST at the source URL
4) source locations for copy are authorized against a GET at the source URL