You need to log in before you can comment on or make changes to this bug.
Been having problems with the download.phtml file located in the widgets folder. This is the problem area: //make sure file_name is valid if ( stristr($file_name, "http") !== false ){ echo "file name $file_name is not valid"; exit; }else{ $file_name = "http://".$_SERVER['HTTP_HOST']."/".$file_name; } file_name is supposed to contain: "full web file name to download" Does that mean the URL? The if statement basically looks to see if http is included, and if it is, then exit with the error message. If it doesnt, then build a URL. All the widgets are sending a full URL, so this is erroring every time. Its an easy fix on my end to work around that if statement, however a work around may not comply with the original intent of the statement. Is it supposed to be rejecting URL's? I assume it should be the reverse, reject non-URL's so that folks can't put in file paths? Further I think it would be benifitial to allow it to only work in the mapserver temp folder. So far thats where the widgets are all dropping the file, and there are no scripts or anything in that folder to worry about someone grabbing. At any rate it needs some tweaking. Ken
Changed target to FUTURE.