SLING-4469

SlingPostServlet: do not allow redirects to other hosts

Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Servlets Post 2.3.6
    • Fix Version/s: Servlets Post 2.3.8

    Description

      Through the :redirect parameter of the SlingPostServlet, arbitrary redirects are possible (http://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#redirect). That should be limited so that redirects to other servers are not possible.
      Compare also with the discussion at: http://www.mail-archive.com/dev@sling.apache.org/msg43348.html.
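
One way to express the restriction requested above, as an added example: this is not the code from the attached patch or from Sling itself. The class name, the isLocalRedirect helper and the sample values are assumptions made for illustration; the check accepts a :redirect value only when it is a relative reference with no scheme and no host.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectTargetCheck {

    // Hypothetical helper (not Sling API): accept a redirect target only if
    // it is a relative reference that cannot leave the current host.
    static boolean isLocalRedirect(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        // Browsers read "\" as "/" and skip extra leading slashes, so
        // "//host", "///host" and "/\host" all resolve to another host.
        if (target.startsWith("//") || target.indexOf('\\') >= 0) {
            return false;
        }
        final URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            // Spaces, CR/LF and other illegal characters end up here.
            return false;
        }
        // Any scheme (http:, javascript:, ...) or authority is refused.
        return uri.getScheme() == null && uri.getRawAuthority() == null;
    }

    public static void main(String[] args) {
        // Constructed sample values for the :redirect parameter.
        String[] samples = {
            "/content/page.html",            // absolute path on this host
            "../parent.html?saved=true",     // relative path with query
            "http://other.example/landing",  // absolute URL
            "//other.example/landing",       // protocol-relative URL
            "/\\other.example/landing",      // backslash variant
            "javascript:alert(1)",           // non-http scheme
            "/ok\r\nX-Injected: 1"           // CR/LF in the value
        };
        for (String s : samples) {
            System.out.println((isLocalRedirect(s) ? "allow  " : "reject ") + s);
        }
    }
}
```

The check is deliberately conservative: an absolute URL that names the server's own host is refused as well, so callers have to pass paths.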

      Attachments

        1. SLING-4469-v01.patch
          3 kB
          Konrad Windszus

            People

              Assignee: kwin Konrad Windszus
              Reporter: kwin Konrad Windszus