[ https://issues.apache.org/jira/browse/SLING-4469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Konrad Windszus updated SLING-4469: ----------------------------------- Attachment: SLING-4469-v01.patch > SlingPostServlet: do not allow redirects to other hosts > ------------------------------------------------------- > > Key: SLING-4469 > URL: https://issues.apache.org/jira/browse/SLING-4469 > Project: Sling > Issue Type: Improvement > Affects Versions: Servlets Post 2.3.6 > Reporter: Konrad Windszus > Assignee: Konrad Windszus > Attachments: SLING-4469-v01.patch > > > Through the {{:redirect}} parameter of the {{SlingPostServlet}} arbitrary > redirects are possible > (http://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#redirect). > That should be limited so that redirects to other servers are not possible. > Compare also with discussion at: > http://www.mail-archive.com/dev@sling.apache.org/msg43348.html. -- This message was sent by Atlassian JIRA (v6.3.4#6332)