Open rhe-reliatec opened 9 months ago
The DownloadAttachedFile servlet is actually not using the path to file provided in download URL but only the filename is extracted from this path (the absolute path is constructed on server side from scratch). IMHO the better solution would be to pass in download URL only an ID (that would be item_data_id) which is then resolved on server side to locate the actual uploaded file.
Description:
Install LibreClinica on Windows (10 professional, also Win11). It is not possible to download previously uploaded files. The download-urls are not encoded at all. Therefore they contain invalid characters. The only thing you get back is an error-page:
Furthermore if you use in datainfo.properties the default for filePath
the not valid url contains the full path of the uploaded file. 'Heresay' says this is something that should be avoided for security reasons.
Requirements: A Study with a crf, which contains a file-upload-field.
Steps to follow:
Expected result: I want may file back.
Actual result: A tomcat errorpage (text is in Destription).
Server Setup (optional):