Uploaded image for project: 'Extended Templating Kit (closed)'
  1. Extended Templating Kit (closed)
  2. MGNLETK-112

Path handle is stripped twice thus access to another site is sometimes possible

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.4.6, 2.0.15
    • Fix Version/s: 2.0.16
    • Component/s: None
    • Labels:
    • Release notes required:
      Yes

      Description

      With site settings
      site1 mapped to page page1 and domain www.domain1.com
      site2 mapped to page page2 and domain www.domain2.com
      and CrossSiteSecurityFilter restricting access from one to another there is a way to access first level page from other domain by calling:
      www.domain1.com/page1/page2
      www.domain2.com/page2/page1

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jsimak Jaroslav Simak
              Reporter:
              ochytil Ondrej Chytil
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response: