sling-dev mailing list archives

From "Carsten Ziegeler (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SLING-3141) AbstractAuthenticationFormServlet should make sure resource is a valid redirect
Date Tue, 01 Oct 2013 12:09:24 GMT

    [ https://issues.apache.org/jira/browse/SLING-3141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782858#comment-13782858 ]

Carsten Ziegeler commented on SLING-3141:
-----------------------------------------

Fixed by using the helper method AuthUtil.isRedirectValid and additionally escaping <, >, &, " and '


> AbstractAuthenticationFormServlet should make sure resource is a valid redirect
> -------------------------------------------------------------------------------
>
>                 Key: SLING-3141
>                 URL: https://issues.apache.org/jira/browse/SLING-3141
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.1.2
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>             Fix For: Auth Core 1.1.4
>
>
> The resource parameter should be checked to be a valid redirect value in AbstractAuthenticationFormServlet



--
This message was sent by Atlassian JIRA
(v6.1#6144)
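
The two-part fix described in the comment above (validate the `resource` value as a redirect target, then escape `<`, `>`, `&`, `"` and `'` before it is written into the form), as an added example that is not part of the original message and is not Sling's code. `ResourceParamCheck`, `isLocalRedirect`, `escapeForHtml` and `formValue` are hypothetical names; `isLocalRedirect` is a conservative stand-in and does not reproduce the logic of `AuthUtil.isRedirectValid`.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ResourceParamCheck {
    // Hypothetical stand-in check: accept only a same-site absolute path.
    static boolean isLocalRedirect(String target) {
        if (target == null || !target.startsWith("/")) return false;   // no scheme-based or relative values
        if (target.startsWith("//") || target.contains("\\")) return false; // network-path and backslash forms
        for (char c : target.toCharArray()) {
            if (c < 0x20 || c == 0x7f) return false;                   // control characters, including CR/LF
        }
        try {
            URI uri = new URI(target);                                 // also rejects <, >, " and spaces
            if (uri.isAbsolute() || uri.getRawAuthority() != null) return false;
            String path = uri.normalize().getPath();
            // After normalize(), leftover ".." segments mean the path climbs above the root.
            return path != null && !path.equals("/..") && !path.startsWith("/../");
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Escapes the five characters named in the comment.
    static String escapeForHtml(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Value that is safe to place in the login form; falls back to "/" when the check fails.
    static String formValue(String resource) {
        return escapeForHtml(isLocalRedirect(resource) ? resource : "/");
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the issue.
        String[] samples = { "/content/home.html", "/search?a=1&b='x'",
                             "//other.example/path", "https://other.example/", "/a/../../etc" };
        for (String s : samples) {
            System.out.println(s + " -> valid=" + isLocalRedirect(s) + " form=" + formValue(s));
        }
    }
}
```

Both steps are needed: a value can pass the redirect check and still contain `&` or `'`, which must be escaped before it is emitted into HTML.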
