I can access a document via the download URL even if I change the file's name in the URL


  1. I upload a document in Documents and Media (eg: abc.jpg)
  2. I go to Info (i) and copy the Latest Version URL (eg: http://localhost:8080/documents/33764/0/abc.jpg/6bac1ad9-1a7a-0cba-c70a-6fbe17a204a1?t=1571739939285)
  3. I change the file name in the URL (eg: bcd.jpg)
  4. I call the new URL (http://localhost:8080/documents/33764/0/bcd.jpg/6bac1ad9-1a7a-0cba-c70a-6fbe17a204a1?t=1571739939285)

Expected result: an error should be thrown
Actual Result: abc.jpg image is returned


  • DXP 7.0+


The Latest Version URL (http://localhost:8080/documents/33764/0/abc.jpg/6bac1ad9-1a7a-0cba-c70a-6fbe17a204a1?t=1571739939285) includes four parameters:

Group ID: 33764
Folder ID: 0
File Name: abc.jpg
UUID: 6bac1ad9-1a7a-0cba-c70a-6fbe17a204a1?t

When calling this URL, the code will use the Group ID and the UUID to find the file entry. In this case, you can put anything as the File Name and the file associated with that UUID will be returned.

If you delete the UUID from the end of the URL, the portal will use the Group ID, Folder ID, and File Name to get the file entry. In this scenario, if you change the File Name, the document will not be returned and you will receive a 'File not found" error.

0 人中有 0 人觉得有帮助