Sling
  1. Sling
  2. SLING-2120

Add functionality to ignore some parameters from POST requests

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: Servlets Post 2.1.0
    • Fix Version/s: Servlets Post 2.1.2
    • Component/s: Servlets
    • Labels:
      None

      Description

      In certain situations a POST request is accompanied with request parameters that are to be ignored. Currently the Sling POST Servlet has two mechanisms to handle such parameters:

      • any parameter starting with a colon ( is ignored, e.g. :operation
      • only parameters starting with "./" are considered if at least one parameter has this format

      In certain situations, more parameters might be submitted ending in the POST Servlet and then being written to the repository. For example if a user tries to authenticated with form based authentication supplying j_username and j_password parameters then if the Sling POST Servlet is erroneously hit, these values might get written to the repository.

      We should add functionality to specify regular expressions for parameters which are to be ignored (apart from the existing mechanism). The default would be "j_.*" to ignore any parameters starting with j_ generally used for authentication

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Felix Meschberger
            Reporter:
            Felix Meschberger
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development