[jira] [Resolved] (SLING-4469) SlingPostServlet: do not allow redirects to other hosts

Konrad Windszus (JIRA) Fri, 24 Apr 2015 04:54:07 -0700

     [ 
https://issues.apache.org/jira/browse/SLING-4469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Konrad Windszus resolved SLING-4469.
------------------------------------
       Resolution: Fixed
    Fix Version/s: Servlets POST 2.3.8

> SlingPostServlet: do not allow redirects to other hosts
> -------------------------------------------------------
>
>                 Key: SLING-4469
>                 URL: https://issues.apache.org/jira/browse/SLING-4469
>             Project: Sling
>          Issue Type: Improvement
>    Affects Versions: Servlets Post 2.3.6
>            Reporter: Konrad Windszus
>            Assignee: Konrad Windszus
>             Fix For: Servlets POST 2.3.8
>
>         Attachments: SLING-4469-v01.patch
>
>
> Through the {{:redirect}} parameter of the {{SlingPostServlet}} arbitrary 
> redirects are possible 
> (http://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#redirect).
>  That should be limited so that redirects to other servers are not possible.
> Compare also with discussion at: 
> http://www.mail-archive.com/[email protected]/msg43348.html.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (SLING-4469) SlingPostServlet: do not allow redirects to other hosts

Reply via email to