Sling / SLING-4469

SlingPostServlet: do not allow redirects to other hosts


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Servlets Post 2.3.6
    • Fix Version/s: Servlets Post 2.3.8
    • Component/s: None
    • Labels: None

      Description

      Through the :redirect parameter of the SlingPostServlet arbitrary redirects are possible (http://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#redirect). That should be limited so that redirects to other servers are not possible.
      Compare also with discussion at: http://www.mail-archive.com/dev@sling.apache.org/msg43348.html.
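
      One way to restrict a `:redirect` value to the current host, as an added example (not the code of the Sling fix, and not part of the original issue). The class name, method name, sample host and the exact policy (relative references, or http/https URLs whose host equals the request host) are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added illustration; names are hypothetical and not part of Sling's API.
public class RedirectTargetCheck {

    /** Returns true only when the redirect target cannot leave requestHost. */
    static boolean isSameHostRedirect(String target, String requestHost) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Browsers read '\' as '/', and control characters allow header splitting.
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        final URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false; // unparseable input is never redirected to
        }
        if (uri.getScheme() == null) {
            // Relative reference. "//host" and "///host" are scheme-relative
            // for a browser and would leave the site, so they are refused.
            return !target.startsWith("//");
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            return false; // javascript:, data:, opaque "http:host" forms, ...
        }
        // getHost() ignores user-info, so "https://good@other/" compares "other".
        // It is null for forms such as "http:/other/", which are refused too.
        String host = uri.getHost();
        return host != null && host.equalsIgnoreCase(requestHost);
    }

    public static void main(String[] args) {
        String host = "cms.example.org"; // constructed sample host
        String[] samples = { "/content/page.html", "../done.html", "https://cms.example.org/ok",
            "//other.example/x", "///other.example/x", "/\\other.example/x",
            "https://cms.example.org@other.example/", "http:/other.example/", "javascript:alert(1)" };
        for (String s : samples) {
            System.out.printf("%-42s %s%n", s, isSameHostRedirect(s, host) ? "allow" : "reject");
        }
    }
}
```

      Only the first three constructed samples are allowed. The comparison ignores the port, which is a policy choice of this example.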


            People

            • Assignee: Konrad Windszus (kwin)
            • Reporter: Konrad Windszus (kwin)
