Issue #3424
Updated by pulpbot over 2 years ago
**Ticket moved to GitHub**: "pulp/pulp_file/607":https://github.com/pulp/pulp_file/issues/607 ---- The relative_path field on file content units is not validated. This can be problematic when publishing the content. For instance, if the path contains a comma, the PULP_MANIFEST doesn't do any escaping. Also, I was able to create a file content unit with path PULP_MANIFEST which was then served instead of the actual PULP_MANIFEST. Relevant code for Manifest: https://github.com/pulp/pulp_file/blob/master/pulp_file/app/tasks/publishing.py#L94 https://github.com/pulp/pulp_file/blob/master/pulp_file/manifest.py#L46-L57
.