[SLING-2120] Add functionality to ignore some parameters from POST requests - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Servlets Post 2.1.0
Fix Version/s: Servlets Post 2.1.2
Component/s: Servlets
Labels:
None

Description

In certain situations a POST request is accompanied with request parameters that are to be ignored. Currently the Sling POST Servlet has two mechanisms to handle such parameters:

any parameter starting with a colon ( is ignored, e.g. :operation
only parameters starting with "./" are considered if at least one parameter has this format

In certain situations, more parameters might be submitted ending in the POST Servlet and then being written to the repository. For example if a user tries to authenticated with form based authentication supplying j_username and j_password parameters then if the Sling POST Servlet is erroneously hit, these values might get written to the repository.

We should add functionality to specify regular expressions for parameters which are to be ignored (apart from the existing mechanism). The default would be "j_.*" to ignore any parameters starting with j_ generally used for authentication

Attachments

Activity

People

Assignee:: Felix Meschberger

Reporter:: Felix Meschberger

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 30/Jun/11 08:35

Updated:: 20/Sep/17 12:04

Resolved:: 30/Jun/11 09:29