-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
The default editor role has a whole bunch of URI denies (/.magnolia/pages/configuration*, etc).
As noted in MAGNOLIA-5505, this opens up a bunch of security issues, such as being able to gain access to a page one shouldn't have access to.
Acceptance criteria
- relates to
-
MGNLADMLEG-48 PageMVCServlet should be using AggregationState or normalize URLs and be stricter when looking up which page to serve
- Closed