Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: samples, security
Labels:
- next

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less
Bug DoR:

show more show less

The default editor role has a whole bunch of URI denies (/.magnolia/pages/configuration*, etc).

As noted in ~~MAGNOLIA-5505~~, this opens up a bunch of security issues, such as being able to gain access to a page one shouldn't have access to.

Acceptance criteria

relates to

MGNLADMLEG-48 PageMVCServlet should be using AggregationState or normalize URLs and be stricter when looking up which page to serve

Closed

Assignee:: Unassigned

Reporter:: Magnolia International

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 19/Nov/13 6:00 PM

Updated:: 19/Dec/16 3:35 PM

Bug DoR

Task DoD