Loading...

XML

Word

Printable

At present, if a Confluence space admin allows Anonymous to remove attachments, web spiders can crawl and execute the removeattachment action.

incorporates

CONFSERVER-14147 'Disable plugin' should be POST, not GET

is duplicated by

CONFSERVER-11856 Remove attachment action submitted via GET rather than POST

CONFSERVER-14924 Attachments can be deleted via GET requests

CONFSERVER-21141 wget deletes attachments

is related to

CONFSERVER-11144 Attachments deleted due to google crawled and no 'nofollow' link

CONFSERVER-13671 Unable to delete attachments with German Umlaut like Ü, Ä or Ö in the filename

CONFSERVER-13945 History version comparison should never be a POST

relates to

CONFSERVER-14024 Deleting Attachment via "Open in New Tab" differs when clicking on the link

(2 is related to, 1 relates to)